Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2011-4605
Vulnerability from cvelistv5
Published
2012-11-23 20:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:09:19.351Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1027501", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027501", }, { name: "49656", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49656", }, { name: "RHSA-2012:1028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { name: "49658", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49658", }, { name: "RHSA-2012:1109", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { name: "RHSA-2012:1025", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { name: "50084", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50084", }, { name: "RHSA-2012:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { name: "RHSA-2012:1027", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { name: "54644", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/54644", }, { name: "RHSA-2012:1026", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { name: "50549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50549", }, { name: "RHSA-2012:1024", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { name: "RHSA-2012:1232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "RHSA-2012:1022", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { name: "RHSA-2012:1023", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { name: "RHSA-2012:1125", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-06-20T00:00:00", descriptions: [ { lang: "en", value: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-30T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1027501", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027501", }, { name: "49656", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49656", }, { name: "RHSA-2012:1028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { tags: [ "x_refsource_MISC", ], url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { name: "49658", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49658", }, { name: "RHSA-2012:1109", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { name: "RHSA-2012:1025", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { name: "50084", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50084", }, { name: "RHSA-2012:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { name: "RHSA-2012:1027", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { name: "54644", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/54644", }, { name: "RHSA-2012:1026", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { name: "50549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50549", }, { name: "RHSA-2012:1024", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { name: "RHSA-2012:1232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "RHSA-2012:1022", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { name: "RHSA-2012:1023", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { name: "RHSA-2012:1125", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4605", datePublished: "2012-11-23T20:00:00", dateReserved: "2011-11-29T00:00:00", dateUpdated: "2024-08-07T00:09:19.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*\", \"matchCriteriaId\": \"424C0428-6E78-42B2-B77A-921116528D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A785F07-9B76-4153-B676-29C9682B2F73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.0\", \"matchCriteriaId\": \"E867ECA4-43A5-4424-B703-437991A1C58A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9C9C8B4-693E-4777-BC31-5933147DFC54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D66D2843-0273-4A3A-A9D1-48BBB15031B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6572BFDD-0A35-48CC-99A1-2BDE27BABB62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EF1898E-1A25-442B-865F-1C27B9E5F0D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*\", \"matchCriteriaId\": \"67BD448A-745D-4387-ABC8-A18DF142574D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C534793-58E0-45B9-84D7-D21E1C4C9F7B\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"El (1) servicio JNDI, (2) servicio HA-JNDI, y (3) servlet HAJNDIFactory en JBoss Enterprise Application Platform v4.3.0 CP10 y v5.1.2, Web Platform v5.1.2, SOA Platform v4.2.0.CP05 y v4.3.0.CP05, Portal Platform 4.3 CP07 y v5.2.x anterior a v5.2.2, y BRMS Platform anterior v5.3.0 no restringe correctamente el acceso de escritura, permitiendo a atacantes remotos a\\u00f1adir, borrar o modificar elementos en un \\u00e1rbol JNDI mediante vectores desconocidos.\"}]", id: "CVE-2011-4605", lastModified: "2024-11-21T01:32:38.843", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2012-11-23T20:55:01.993", references: "[{\"url\": \"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1022.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1023.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1024.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1025.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1026.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1027.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1028.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1109.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1125.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1232.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1295.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/49656\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/49658\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/50084\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/50549\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/54644\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1027501\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1027.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1109.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1125.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1232.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1295.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/49656\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/49658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/50084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/50549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/54644\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1027501\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2011-4605\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-11-23T20:55:01.993\",\"lastModified\":\"2024-11-21T01:32:38.843\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El (1) servicio JNDI, (2) servicio HA-JNDI, y (3) servlet HAJNDIFactory en JBoss Enterprise Application Platform v4.3.0 CP10 y v5.1.2, Web Platform v5.1.2, SOA Platform v4.2.0.CP05 y v4.3.0.CP05, Portal Platform 4.3 CP07 y v5.2.x anterior a v5.2.2, y BRMS Platform anterior v5.3.0 no restringe correctamente el acceso de escritura, permitiendo a atacantes remotos añadir, borrar o modificar elementos en un árbol JNDI mediante vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*\",\"matchCriteriaId\":\"424C0428-6E78-42B2-B77A-921116528D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A785F07-9B76-4153-B676-29C9682B2F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.0\",\"matchCriteriaId\":\"E867ECA4-43A5-4424-B703-437991A1C58A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9C9C8B4-693E-4777-BC31-5933147DFC54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D66D2843-0273-4A3A-A9D1-48BBB15031B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6572BFDD-0A35-48CC-99A1-2BDE27BABB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EF1898E-1A25-442B-865F-1C27B9E5F0D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*\",\"matchCriteriaId\":\"67BD448A-745D-4387-ABC8-A18DF142574D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C534793-58E0-45B9-84D7-D21E1C4C9F7B\"}]}]}],\"references\":[{\"url\":\"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1022.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1023.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1024.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1025.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1027.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1028.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1109.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1125.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1232.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1295.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/49656\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/49658\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50084\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50549\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/54644\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1027501\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1109.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1125.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1232.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1295.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/49658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/50549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/54644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
rhsa-2012:1026
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas and jboss-naming security update
Notes
Topic
Updated jbossas and jboss-naming packages that fix two security issues are
now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise
Linux 4, 5, and 6 should upgrade to these updated packages, which correct
these issues. The JBoss server process must be restarted for this update to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas and jboss-naming packages that fix two security issues are\nnow available for JBoss Enterprise Application Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1026", url: "https://access.redhat.com/errata/RHSA-2012:1026", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1026.json", }, ], title: "Red Hat Security Advisory: jbossas and jboss-naming security update", tracking: { current_release_date: "2024-11-22T05:16:57+00:00", generator: { date: "2024-11-22T05:16:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1026", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el4.src", product: { name: "jbossas-0:5.1.2-10.ep5.el4.src", product_id: "jbossas-0:5.1.2-10.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el5.src", product: { name: "jbossas-0:5.1.2-10.ep5.el5.src", product_id: "jbossas-0:5.1.2-10.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el6.src", product: { name: "jbossas-0:5.1.2-10.ep5.el6.src", product_id: "jbossas-0:5.1.2-10.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1026", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1026", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, ], }
rhsa-2012_1125
Vulnerability from csaf_redhat
Published
2012-07-31 14:24
Modified
2024-11-22 05:43
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update
Notes
Topic
JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues,
various bugs, and adds enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure.
This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement
for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and
enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
A denial of service flaw was found in the implementation of associative
arrays (hashes) in JRuby. An attacker able to supply a large number of
inputs to a JRuby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, randomization
has been added to the hash function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2011-4838)
Note: JBoss Enterprise SOA Platform only provides JRuby as a dependency of
the scripting_chain quickstart example application. The CVE-2011-4838 flaw
is not exposed unless the version of JRuby shipped with that quickstart is
used by a deployed, custom application.
It was found that RESTEasy was vulnerable to XML External Entity (XXE)
attacks. If a remote attacker submitted a request containing an external
XML entity to a RESTEasy endpoint, the entity would be resolved, allowing
the attacker to read files accessible to the user running the application
server. This flaw affected DOM (Document Object Model) Document and JAXB
(Java Architecture for XML Binding) input. The fix for this issue is not
enabled by default. Refer to the Solution section for details.
(CVE-2012-0818)
Multiple flaws were found in the Oracle OpenSSO authentication and
administration components. A remote attacker could use these flaws to
affect the integrity and availability of a service that uses Oracle
OpenSSO. (CVE-2011-3506, CVE-2011-3517, CVE-2012-0079)
Note: JBoss Enterprise SOA Platform only provides Oracle OpenSSO as part of
the opensso quickstart example application. The CVE-2011-3506,
CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso
quickstart example application is deployed, or you have created and
deployed a custom application that is packaged with a copy of Oracle
OpenSSO as provided by the opensso quickstart.
The opensso quickstart has been removed in this release to address these
flaws. Users interested in continuing to receive updates for their custom
applications using Oracle OpenSSO are advised to contact Oracle as Red Hat
is no longer supporting OpenSSO.
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605, and oCERT for reporting CVE-2011-4838. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4838.
Warning: Before installing version 5.3.0, back up your existing JBoss
Enterprise SOA Platform installation (including its databases,
applications, configuration files, and so on).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement\nfor JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and\nenhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in JRuby. An attacker able to supply a large number of\ninputs to a JRuby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, randomization\nhas been added to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2011-4838)\n\nNote: JBoss Enterprise SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2011-4838 flaw\nis not exposed unless the version of JRuby shipped with that quickstart is\nused by a deployed, custom application.\n\nIt was found that RESTEasy was vulnerable to XML External Entity (XXE)\nattacks. If a remote attacker submitted a request containing an external\nXML entity to a RESTEasy endpoint, the entity would be resolved, allowing\nthe attacker to read files accessible to the user running the application\nserver. This flaw affected DOM (Document Object Model) Document and JAXB\n(Java Architecture for XML Binding) input. The fix for this issue is not\nenabled by default. Refer to the Solution section for details.\n(CVE-2012-0818)\n\nMultiple flaws were found in the Oracle OpenSSO authentication and\nadministration components. A remote attacker could use these flaws to\naffect the integrity and availability of a service that uses Oracle\nOpenSSO. (CVE-2011-3506, CVE-2011-3517, CVE-2012-0079)\n\nNote: JBoss Enterprise SOA Platform only provides Oracle OpenSSO as part of\nthe opensso quickstart example application. The CVE-2011-3506,\nCVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso\nquickstart example application is deployed, or you have created and\ndeployed a custom application that is packaged with a copy of Oracle\nOpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in this release to address these\nflaws. Users interested in continuing to receive updates for their custom\napplications using Oracle OpenSSO are advised to contact Oracle as Red Hat\nis no longer supporting OpenSSO.\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605, and oCERT for reporting CVE-2011-4838. oCERT\nacknowledges Julian Wälde and Alexander Klink as the original reporters of\nCVE-2011-4838.\n\nWarning: Before installing version 5.3.0, back up your existing JBoss\nEnterprise SOA Platform installation (including its databases,\napplications, configuration files, and so on).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1125", url: "https://access.redhat.com/errata/RHSA-2012:1125", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", url: "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", }, { category: "external", summary: "785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://access.redhat.com/knowledge/docs/", url: "https://access.redhat.com/knowledge/docs/", }, { category: "external", summary: "749078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749078", }, { category: "external", summary: "749079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749079", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "770820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=770820", }, { category: "external", summary: "783898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=783898", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1125.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update", tracking: { current_release_date: "2024-11-22T05:43:20+00:00", generator: { date: "2024-11-22T05:43:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1125", initial_release_date: "2012-07-31T14:24:00+00:00", revision_history: [ { date: "2012-07-31T14:24:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-07-31T14:32:35+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:43:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 5.3", product: { name: "Red Hat JBoss SOA Platform 5.3", product_id: "Red Hat JBoss SOA Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_soa_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2011-3506", discovery_date: "2011-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "749078", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: unspecified vulnerability in the authentication component", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-3506", }, { category: "external", summary: "RHBZ#749078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749078", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-3506", url: "https://www.cve.org/CVERecord?id=CVE-2011-3506", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-3506", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-3506", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: unspecified vulnerability in the authentication component", }, { cve: "CVE-2011-3517", discovery_date: "2011-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "749079", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: unspecified vulnerability in the authentication component", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-3517", }, { category: "external", summary: "RHBZ#749079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-3517", url: "https://www.cve.org/CVERecord?id=CVE-2011-3517", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-3517", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-3517", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: unspecified vulnerability in the authentication component", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2011-4838", discovery_date: "2011-11-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "770820", }, ], notes: [ { category: "description", text: "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", title: "Vulnerability description", }, { category: "summary", text: "jruby: hash table collisions DoS (oCERT-2011-003)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4838", }, { category: "external", summary: "RHBZ#770820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=770820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4838", url: "https://www.cve.org/CVERecord?id=CVE-2011-4838", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4838", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4838", }, ], release_date: "2011-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jruby: hash table collisions DoS (oCERT-2011-003)", }, { cve: "CVE-2011-5245", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2012-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "785631", }, ], notes: [ { category: "description", text: "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: XML eXternal Entity (XXE) flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-5245", }, { category: "external", summary: "RHBZ#785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-5245", url: "https://www.cve.org/CVERecord?id=CVE-2011-5245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-5245", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-5245", }, ], release_date: "2011-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "RESTEasy: XML eXternal Entity (XXE) flaw", }, { cve: "CVE-2012-0079", discovery_date: "2012-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "783898", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0079", }, { category: "external", summary: "RHBZ#783898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=783898", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0079", url: "https://www.cve.org/CVERecord?id=CVE-2012-0079", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0079", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0079", }, ], release_date: "2012-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors", }, { cve: "CVE-2012-0818", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2012-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "785631", }, ], notes: [ { category: "description", text: "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: XML eXternal Entity (XXE) flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0818", }, { category: "external", summary: "RHBZ#785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0818", url: "https://www.cve.org/CVERecord?id=CVE-2012-0818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0818", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0818", }, ], release_date: "2011-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "RESTEasy: XML eXternal Entity (XXE) flaw", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
RHSA-2012:1025
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
Updated jbossas packages that fix one security issue are now available for
JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat
Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat
Enterprise Linux 4 and 5 should upgrade to these updated packages, which
correct this issue. The JBoss server process must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas packages that fix one security issue are now available for\nJBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat\nEnterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat\nEnterprise Linux 4 and 5 should upgrade to these updated packages, which\ncorrect this issue. The JBoss server process must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1025", url: "https://access.redhat.com/errata/RHSA-2012:1025", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1025.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:53+00:00", generator: { date: "2024-11-22T05:16:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1025", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_id: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_id: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1025", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012:1027
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas-web and jboss-naming security update
Notes
Topic
Updated jbossas-web and jboss-naming packages that fix two security issues
are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise Web
Platform, providing the core server components. The Java Naming and
Directory Interface (JNDI) Java API allows Java software clients to locate
objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise Web
Platform's "server/[PROFILE]/deploy/" directory and any other customized
configuration files.
Users of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,
5, and 6 should upgrade to these updated packages, which correct these
issues. The JBoss server process must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas-web and jboss-naming packages that fix two security issues\nare now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to locate\nobjects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"server/[PROFILE]/deploy/\" directory and any other customized\nconfiguration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. The JBoss server process must be restarted for this update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1027", url: "https://access.redhat.com/errata/RHSA-2012:1027", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1027.json", }, ], title: "Red Hat Security Advisory: jbossas-web and jboss-naming security update", tracking: { current_release_date: "2024-11-22T05:17:01+00:00", generator: { date: "2024-11-22T05:17:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1027", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el4.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el5.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el5.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el6.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el6.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], known_not_affected: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1027", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], known_not_affected: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1027", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, ], }
rhsa-2012_1023
Vulnerability from csaf_redhat
Published
2012-06-20 15:57
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security
issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise Web
Platform, providing the core server components. The Java Naming and
Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise Web
Platform's "jboss-as-web/server/[PROFILE]/deploy/" directory and any other
customized configuration files.
All users of JBoss Enterprise Web Platform 5.1.2 as provided from the Red
Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security\nissue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"jboss-as-web/server/[PROFILE]/deploy/\" directory and any other\ncustomized configuration files.\n\nAll users of JBoss Enterprise Web Platform 5.1.2 as provided from the Red\nHat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1023", url: "https://access.redhat.com/errata/RHSA-2012:1023", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1023.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:39+00:00", generator: { date: "2024-11-22T05:16:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1023", initial_release_date: "2012-06-20T15:57:00+00:00", revision_history: [ { date: "2012-06-20T15:57:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5.1", product: { name: "Red Hat JBoss Web Platform 5.1", product_id: "Red Hat JBoss Web Platform 5.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5.1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Platform 5.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:57:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Platform 5.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1023", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Platform 5.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
RHSA-2012:1028
Vulnerability from csaf_redhat
Published
2012-06-22 01:12
Modified
2024-11-22 05:43
Summary
Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update
Notes
Topic
JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues,
various bugs, and adds enhancements is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise BRMS Platform is a business rules management system for
the management, storage, creation, modification, and deployment of JBoss
Rules. The Java Naming and Directory Interface (JNDI) Java API allows Java
software clients to locate objects or services in an application server.
This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a
replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various
bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS
Platform 5.3.0 Release Notes. The Release Notes will be available shortly
from https://docs.redhat.com/docs/en-US/index.html
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
It was found that the invoker servlets, deployed by default via
httpha-invoker, only performed access control on the HTTP GET and POST
methods, allowing remote attackers to make unauthenticated requests by
using different HTTP methods. Due to the second layer of authentication
provided by a security interceptor, this issue is not exploitable on
default installations unless an administrator has misconfigured the
security interceptor or disabled it. (CVE-2011-4085)
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying the update, back up your existing JBoss Enterprise
BRMS Platform installation (including its databases, applications,
configuration files, and so on).
All users of JBoss Enterprise BRMS Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to upgrade to JBoss Enterprise BRMS
Platform 5.3.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise BRMS Platform is a business rules management system for\nthe management, storage, creation, modification, and deployment of JBoss\nRules. The Java Naming and Directory Interface (JNDI) Java API allows Java\nsoftware clients to locate objects or services in an application server.\n\nThis release of JBoss Enterprise BRMS Platform 5.3.0 serves as a\nreplacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various\nbug fixes and enhancements which are detailed in the JBoss Enterprise BRMS\nPlatform 5.3.0 Release Notes. The Release Notes will be available shortly\nfrom https://docs.redhat.com/docs/en-US/index.html\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nIt was found that the invoker servlets, deployed by default via\nhttpha-invoker, only performed access control on the HTTP GET and POST\nmethods, allowing remote attackers to make unauthenticated requests by\nusing different HTTP methods. Due to the second layer of authentication\nprovided by a security interceptor, this issue is not exploitable on\ndefault installations unless an administrator has misconfigured the\nsecurity interceptor or disabled it. (CVE-2011-4085)\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nBRMS Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise BRMS Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise BRMS\nPlatform 5.3.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1028", url: "https://access.redhat.com/errata/RHSA-2012:1028", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions", }, { category: "external", summary: "https://docs.redhat.com/docs/en-US/index.html", url: "https://docs.redhat.com/docs/en-US/index.html", }, { category: "external", summary: "750422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=750422", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1028.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update", tracking: { current_release_date: "2024-11-22T05:43:11+00:00", generator: { date: "2024-11-22T05:43:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1028", initial_release_date: "2012-06-22T01:12:00+00:00", revision_history: [ { date: "2012-06-22T01:12:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-22T01:19:30+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:43:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JBoss Enterprise BRMS Platform 5.3", product: { name: "JBoss Enterprise BRMS Platform 5.3", product_id: "JBoss Enterprise BRMS Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2011-4085", discovery_date: "2011-10-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "750422", }, ], notes: [ { category: "description", text: "The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.", title: "Vulnerability description", }, { category: "summary", text: "Invoker servlets authentication bypass (HTTP verb tampering)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4085", }, { category: "external", summary: "RHBZ#750422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=750422", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4085", url: "https://www.cve.org/CVERecord?id=CVE-2011-4085", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4085", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4085", }, ], release_date: "2011-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Invoker servlets authentication bypass (HTTP verb tampering)", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
rhsa-2012_1028
Vulnerability from csaf_redhat
Published
2012-06-22 01:12
Modified
2024-11-22 05:43
Summary
Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update
Notes
Topic
JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues,
various bugs, and adds enhancements is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise BRMS Platform is a business rules management system for
the management, storage, creation, modification, and deployment of JBoss
Rules. The Java Naming and Directory Interface (JNDI) Java API allows Java
software clients to locate objects or services in an application server.
This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a
replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various
bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS
Platform 5.3.0 Release Notes. The Release Notes will be available shortly
from https://docs.redhat.com/docs/en-US/index.html
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
It was found that the invoker servlets, deployed by default via
httpha-invoker, only performed access control on the HTTP GET and POST
methods, allowing remote attackers to make unauthenticated requests by
using different HTTP methods. Due to the second layer of authentication
provided by a security interceptor, this issue is not exploitable on
default installations unless an administrator has misconfigured the
security interceptor or disabled it. (CVE-2011-4085)
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying the update, back up your existing JBoss Enterprise
BRMS Platform installation (including its databases, applications,
configuration files, and so on).
All users of JBoss Enterprise BRMS Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to upgrade to JBoss Enterprise BRMS
Platform 5.3.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise BRMS Platform is a business rules management system for\nthe management, storage, creation, modification, and deployment of JBoss\nRules. The Java Naming and Directory Interface (JNDI) Java API allows Java\nsoftware clients to locate objects or services in an application server.\n\nThis release of JBoss Enterprise BRMS Platform 5.3.0 serves as a\nreplacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various\nbug fixes and enhancements which are detailed in the JBoss Enterprise BRMS\nPlatform 5.3.0 Release Notes. The Release Notes will be available shortly\nfrom https://docs.redhat.com/docs/en-US/index.html\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nIt was found that the invoker servlets, deployed by default via\nhttpha-invoker, only performed access control on the HTTP GET and POST\nmethods, allowing remote attackers to make unauthenticated requests by\nusing different HTTP methods. Due to the second layer of authentication\nprovided by a security interceptor, this issue is not exploitable on\ndefault installations unless an administrator has misconfigured the\nsecurity interceptor or disabled it. (CVE-2011-4085)\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nBRMS Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise BRMS Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise BRMS\nPlatform 5.3.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1028", url: "https://access.redhat.com/errata/RHSA-2012:1028", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions", }, { category: "external", summary: "https://docs.redhat.com/docs/en-US/index.html", url: "https://docs.redhat.com/docs/en-US/index.html", }, { category: "external", summary: "750422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=750422", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1028.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update", tracking: { current_release_date: "2024-11-22T05:43:11+00:00", generator: { date: "2024-11-22T05:43:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1028", initial_release_date: "2012-06-22T01:12:00+00:00", revision_history: [ { date: "2012-06-22T01:12:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-22T01:19:30+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:43:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JBoss Enterprise BRMS Platform 5.3", product: { name: "JBoss Enterprise BRMS Platform 5.3", product_id: "JBoss Enterprise BRMS Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2011-4085", discovery_date: "2011-10-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "750422", }, ], notes: [ { category: "description", text: "The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.", title: "Vulnerability description", }, { category: "summary", text: "Invoker servlets authentication bypass (HTTP verb tampering)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4085", }, { category: "external", summary: "RHBZ#750422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=750422", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4085", url: "https://www.cve.org/CVERecord?id=CVE-2011-4085", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4085", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4085", }, ], release_date: "2011-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Invoker servlets authentication bypass (HTTP verb tampering)", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
rhsa-2012:1025
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
Updated jbossas packages that fix one security issue are now available for
JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat
Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat
Enterprise Linux 4 and 5 should upgrade to these updated packages, which
correct this issue. The JBoss server process must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas packages that fix one security issue are now available for\nJBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat\nEnterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat\nEnterprise Linux 4 and 5 should upgrade to these updated packages, which\ncorrect this issue. The JBoss server process must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1025", url: "https://access.redhat.com/errata/RHSA-2012:1025", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1025.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:53+00:00", generator: { date: "2024-11-22T05:16:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1025", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_id: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_id: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1025", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012:1109
Vulnerability from csaf_redhat
Published
2012-07-23 17:47
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Portal Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up all applications deployed on
JBoss Enterprise Portal Platform, along with all customized configuration
files.
All users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the
Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nPortal Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles.\n\nAll users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the\nRed Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1109", url: "https://access.redhat.com/errata/RHSA-2012:1109", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1109.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:17:09+00:00", generator: { date: "2024-11-22T05:17:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1109", initial_release_date: "2012-07-23T17:47:00+00:00", revision_history: [ { date: "2012-07-23T17:47:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-07-23T17:53:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 4.3", product: { name: "Red Hat JBoss Portal 4.3", product_id: "Red Hat JBoss Portal 4.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 4.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-23T17:47:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Portal 4.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1109", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 4.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012_1109
Vulnerability from csaf_redhat
Published
2012-07-23 17:47
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Portal Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up all applications deployed on
JBoss Enterprise Portal Platform, along with all customized configuration
files.
All users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the
Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nPortal Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles.\n\nAll users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the\nRed Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1109", url: "https://access.redhat.com/errata/RHSA-2012:1109", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1109.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:17:09+00:00", generator: { date: "2024-11-22T05:17:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1109", initial_release_date: "2012-07-23T17:47:00+00:00", revision_history: [ { date: "2012-07-23T17:47:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-07-23T17:53:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 4.3", product: { name: "Red Hat JBoss Portal 4.3", product_id: "Red Hat JBoss Portal 4.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 4.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-23T17:47:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Portal 4.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1109", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 4.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
RHSA-2012:1022
Vulnerability from csaf_redhat
Published
2012-06-20 15:56
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 5.1.2 as provided from
the Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 5.1.2 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1022", url: "https://access.redhat.com/errata/RHSA-2012:1022", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1022.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:17:17+00:00", generator: { date: "2024-11-22T05:17:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1022", initial_release_date: "2012-06-20T15:56:00+00:00", revision_history: [ { date: "2012-06-20T15:56:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:45:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5.1", product: { name: "Red Hat JBoss Enterprise Application Platform 5.1", product_id: "Red Hat JBoss Enterprise Application Platform 5.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5.1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:56:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1022", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
RHSA-2012:1027
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas-web and jboss-naming security update
Notes
Topic
Updated jbossas-web and jboss-naming packages that fix two security issues
are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise Web
Platform, providing the core server components. The Java Naming and
Directory Interface (JNDI) Java API allows Java software clients to locate
objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise Web
Platform's "server/[PROFILE]/deploy/" directory and any other customized
configuration files.
Users of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,
5, and 6 should upgrade to these updated packages, which correct these
issues. The JBoss server process must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas-web and jboss-naming packages that fix two security issues\nare now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to locate\nobjects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"server/[PROFILE]/deploy/\" directory and any other customized\nconfiguration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. The JBoss server process must be restarted for this update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1027", url: "https://access.redhat.com/errata/RHSA-2012:1027", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1027.json", }, ], title: "Red Hat Security Advisory: jbossas-web and jboss-naming security update", tracking: { current_release_date: "2024-11-22T05:17:01+00:00", generator: { date: "2024-11-22T05:17:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1027", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el4.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el5.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el5.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el6.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el6.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], known_not_affected: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1027", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], known_not_affected: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1027", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, ], }
rhsa-2012_1027
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas-web and jboss-naming security update
Notes
Topic
Updated jbossas-web and jboss-naming packages that fix two security issues
are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise Web
Platform, providing the core server components. The Java Naming and
Directory Interface (JNDI) Java API allows Java software clients to locate
objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise Web
Platform's "server/[PROFILE]/deploy/" directory and any other customized
configuration files.
Users of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,
5, and 6 should upgrade to these updated packages, which correct these
issues. The JBoss server process must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas-web and jboss-naming packages that fix two security issues\nare now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to locate\nobjects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"server/[PROFILE]/deploy/\" directory and any other customized\nconfiguration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. The JBoss server process must be restarted for this update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1027", url: "https://access.redhat.com/errata/RHSA-2012:1027", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1027.json", }, ], title: "Red Hat Security Advisory: jbossas-web and jboss-naming security update", tracking: { current_release_date: "2024-11-22T05:17:01+00:00", generator: { date: "2024-11-22T05:17:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1027", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el4.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el5.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el5.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=src", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el6.src", product: { name: "jbossas-web-0:5.1.2-10.ep5.el6.src", product_id: "jbossas-web-0:5.1.2-10.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-client@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web-ws-native@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-web@5.1.2-10.ep5.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-0:5.1.2-10.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", }, product_reference: "jbossas-web-0:5.1.2-10.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], known_not_affected: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1027", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], known_not_affected: [ "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4AS-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el4.src", "4ES-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el4.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1027", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el5.src", "5Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEWP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-0:5.1.2-10.ep5.el6.src", "6Server-JBEWP-5:jbossas-web-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEWP-5:jbossas-web-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, ], }
rhsa-2012_1295
Vulnerability from csaf_redhat
Published
2012-09-19 17:41
Modified
2024-11-22 05:27
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update
Notes
Topic
An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that
fixes one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure. JBoss Enterprise SOA Platform allows IT
to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future
(EDA and CEP) integration methodologies to dramatically improve business
process execution speed and quality. The Java Naming and Directory
Interface (JNDI) Java API allows Java software clients to locate objects or
services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
All users of JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 as
provided from the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that\nfixes one security issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality. The Java Naming and Directory\nInterface (JNDI) Java API allows Java software clients to locate objects or\nservices in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nAll users of JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 as\nprovided from the Red Hat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1295", url: "https://access.redhat.com/errata/RHSA-2012:1295", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=soaplatform&version=4.2.0.GA_CP05", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=soaplatform&version=4.2.0.GA_CP05", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1295.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update", tracking: { current_release_date: "2024-11-22T05:27:48+00:00", generator: { date: "2024-11-22T05:27:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1295", initial_release_date: "2012-09-19T17:41:00+00:00", revision_history: [ { date: "2012-09-19T17:41:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-09-19T17:51:11+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:27:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 4.2", product: { name: "Red Hat JBoss SOA Platform 4.2", product_id: "Red Hat JBoss SOA Platform 4.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_soa_platform:4.2", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 4.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-19T17:41:00+00:00", details: "The References section of this erratum contains download links (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 4.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1295", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 4.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012:1024
Vulnerability from csaf_redhat
Published
2012-06-20 15:57
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes
one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided
from the Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes\none security issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided\nfrom the Red Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1024", url: "https://access.redhat.com/errata/RHSA-2012:1024", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=4.3.0.GA_CP10", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=4.3.0.GA_CP10", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1024.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:48+00:00", generator: { date: "2024-11-22T05:16:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1024", initial_release_date: "2012-06-20T15:57:00+00:00", revision_history: [ { date: "2012-06-20T15:57:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:44:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 4.3", product: { name: "Red Hat JBoss Portal 4.3", product_id: "Red Hat JBoss Portal 4.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 4.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:57:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Portal 4.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1024", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 4.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012_1022
Vulnerability from csaf_redhat
Published
2012-06-20 15:56
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 5.1.2 as provided from
the Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 5.1.2 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1022", url: "https://access.redhat.com/errata/RHSA-2012:1022", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1022.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:17:17+00:00", generator: { date: "2024-11-22T05:17:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1022", initial_release_date: "2012-06-20T15:56:00+00:00", revision_history: [ { date: "2012-06-20T15:56:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:45:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5.1", product: { name: "Red Hat JBoss Enterprise Application Platform 5.1", product_id: "Red Hat JBoss Enterprise Application Platform 5.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5.1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:56:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1022", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012:1295
Vulnerability from csaf_redhat
Published
2012-09-19 17:41
Modified
2024-11-22 05:27
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update
Notes
Topic
An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that
fixes one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure. JBoss Enterprise SOA Platform allows IT
to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future
(EDA and CEP) integration methodologies to dramatically improve business
process execution speed and quality. The Java Naming and Directory
Interface (JNDI) Java API allows Java software clients to locate objects or
services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
All users of JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 as
provided from the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that\nfixes one security issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality. The Java Naming and Directory\nInterface (JNDI) Java API allows Java software clients to locate objects or\nservices in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nAll users of JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 as\nprovided from the Red Hat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1295", url: "https://access.redhat.com/errata/RHSA-2012:1295", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=soaplatform&version=4.2.0.GA_CP05", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=soaplatform&version=4.2.0.GA_CP05", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1295.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update", tracking: { current_release_date: "2024-11-22T05:27:48+00:00", generator: { date: "2024-11-22T05:27:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1295", initial_release_date: "2012-09-19T17:41:00+00:00", revision_history: [ { date: "2012-09-19T17:41:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-09-19T17:51:11+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:27:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 4.2", product: { name: "Red Hat JBoss SOA Platform 4.2", product_id: "Red Hat JBoss SOA Platform 4.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_soa_platform:4.2", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 4.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-19T17:41:00+00:00", details: "The References section of this erratum contains download links (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 4.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1295", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 4.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012_1026
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas and jboss-naming security update
Notes
Topic
Updated jbossas and jboss-naming packages that fix two security issues are
now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise
Linux 4, 5, and 6 should upgrade to these updated packages, which correct
these issues. The JBoss server process must be restarted for this update to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas and jboss-naming packages that fix two security issues are\nnow available for JBoss Enterprise Application Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1026", url: "https://access.redhat.com/errata/RHSA-2012:1026", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1026.json", }, ], title: "Red Hat Security Advisory: jbossas and jboss-naming security update", tracking: { current_release_date: "2024-11-22T05:16:57+00:00", generator: { date: "2024-11-22T05:16:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1026", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el4.src", product: { name: "jbossas-0:5.1.2-10.ep5.el4.src", product_id: "jbossas-0:5.1.2-10.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el5.src", product: { name: "jbossas-0:5.1.2-10.ep5.el5.src", product_id: "jbossas-0:5.1.2-10.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el6.src", product: { name: "jbossas-0:5.1.2-10.ep5.el6.src", product_id: "jbossas-0:5.1.2-10.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1026", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1026", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, ], }
rhsa-2012:1232
Vulnerability from csaf_redhat
Published
2012-09-05 16:26
Modified
2025-01-05 18:14
Summary
Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 update
Notes
Topic
JBoss Enterprise Portal Platform 5.2.2, which fixes multiple security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise Portal Platform is the open source implementation of the
Java EE suite of services and Portal services running atop JBoss Enterprise
Application Platform. It comprises a set of offerings for enterprise
customers who are looking for pre-configured profiles of JBoss Enterprise
Middleware components that have been tested and certified together to
provide an integrated experience.
This release of JBoss Enterprise Portal Platform 5.2.2 serves as a
replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug
fixes. Refer to the JBoss Enterprise Portal Platform 5.2.2 Release Notes
for information on the most significant of these changes. The Release Notes
will be available shortly from https://access.redhat.com/knowledge/docs/
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
It was found that the JMX Console did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the JMX Console, into visiting a specially-crafted URL,
the attacker could perform operations on MBeans, which may lead to
arbitrary code execution in the context of the JBoss server process.
(CVE-2011-2908)
A flaw was found in the way Apache POI, a Java API for manipulating files
created with a Microsoft Office application, handled memory when processing
certain Channel Definition Format (CDF) and Compound File Binary Format
(CFBF) documents. A remote attacker could provide a specially-crafted CDF
or CFBF document to an application using Apache POI, leading to a denial of
service. (CVE-2012-0213)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting the
CVE-2011-4605 issue.
Warning: Before applying this update, back up all applications deployed on
JBoss Enterprise Portal Platform, along with all customized configuration
files, and any databases and database settings.
All users of JBoss Enterprise Portal Platform 5.2.1 as provided from the
Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Portal
Platform 5.2.2.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise Portal Platform 5.2.2, which fixes multiple security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise Portal Platform is the open source implementation of the\nJava EE suite of services and Portal services running atop JBoss Enterprise\nApplication Platform. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience.\n\nThis release of JBoss Enterprise Portal Platform 5.2.2 serves as a\nreplacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug\nfixes. Refer to the JBoss Enterprise Portal Platform 5.2.2 Release Notes\nfor information on the most significant of these changes. The Release Notes\nwill be available shortly from https://access.redhat.com/knowledge/docs/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nA flaw was found in the way the Apache Xerces2 Java Parser processed the\nSYSTEM identifier in DTDs. A remote attacker could provide a\nspecially-crafted XML file, which once parsed by an application using the\nApache Xerces2 Java Parser, would lead to a denial of service (application\nhang due to excessive CPU use). (CVE-2009-2625)\n\nIt was found that the JMX Console did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the JMX Console, into visiting a specially-crafted URL,\nthe attacker could perform operations on MBeans, which may lead to\narbitrary code execution in the context of the JBoss server process.\n(CVE-2011-2908)\n\nA flaw was found in the way Apache POI, a Java API for manipulating files\ncreated with a Microsoft Office application, handled memory when processing\ncertain Channel Definition Format (CDF) and Compound File Binary Format\n(CFBF) documents. A remote attacker could provide a specially-crafted CDF\nor CFBF document to an application using Apache POI, leading to a denial of\nservice. (CVE-2012-0213)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting the\nCVE-2011-4605 issue.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles, and any databases and database settings.\n\nAll users of JBoss Enterprise Portal Platform 5.2.1 as provided from the\nRed Hat Customer Portal are advised to upgrade to JBoss Enterprise Portal\nPlatform 5.2.2.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1232", url: "https://access.redhat.com/errata/RHSA-2012:1232", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/knowledge/docs/", url: "https://access.redhat.com/knowledge/docs/", }, { category: "external", summary: "512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "730176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=730176", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "799078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=799078", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1232.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 update", tracking: { current_release_date: "2025-01-05T18:14:14+00:00", generator: { date: "2025-01-05T18:14:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2012:1232", initial_release_date: "2012-09-05T16:26:00+00:00", revision_history: [ { date: "2012-09-05T16:26:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-09-05T16:25:36+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-05T18:14:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 5.2", product: { name: "Red Hat JBoss Portal 5.2", product_id: "Red Hat JBoss Portal 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", discovery_date: "2009-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "512921", }, ], notes: [ { category: "description", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", title: "Vulnerability description", }, { category: "summary", text: "JDK: XML parsing Denial-Of-Service (6845701)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "RHBZ#512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2625", url: "https://www.cve.org/CVERecord?id=CVE-2009-2625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", }, ], release_date: "2009-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JDK: XML parsing Denial-Of-Service (6845701)", }, { cve: "CVE-2011-2908", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2007-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "730176", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "CSRF on jmx-console allows invocation of operations on mbeans", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-2908", }, { category: "external", summary: "RHBZ#730176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=730176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-2908", url: "https://www.cve.org/CVERecord?id=CVE-2011-2908", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-2908", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-2908", }, ], release_date: "2007-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CSRF on jmx-console allows invocation of operations on mbeans", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-0213", discovery_date: "2012-03-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "799078", }, ], notes: [ { category: "description", text: "The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.", title: "Vulnerability description", }, { category: "summary", text: "jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0213", }, { category: "external", summary: "RHBZ#799078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=799078", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0213", url: "https://www.cve.org/CVERecord?id=CVE-2012-0213", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0213", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0213", }, ], release_date: "2012-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
RHSA-2012:1026
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas and jboss-naming security update
Notes
Topic
Updated jbossas and jboss-naming packages that fix two security issues are
now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise
Linux 4, 5, and 6 should upgrade to these updated packages, which correct
these issues. The JBoss server process must be restarted for this update to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas and jboss-naming packages that fix two security issues are\nnow available for JBoss Enterprise Application Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1026", url: "https://access.redhat.com/errata/RHSA-2012:1026", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1026.json", }, ], title: "Red Hat Security Advisory: jbossas and jboss-naming security update", tracking: { current_release_date: "2024-11-22T05:16:57+00:00", generator: { date: "2024-11-22T05:16:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1026", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el4.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el4?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el5?arch=noarch", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-ws-native@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-messaging@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product: { name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product_id: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@5.1.2-10.ep5.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el4.src", product: { name: "jbossas-0:5.1.2-10.ep5.el4.src", product_id: "jbossas-0:5.1.2-10.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.1.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el5.src", product: { name: "jbossas-0:5.1.2-10.ep5.el5.src", product_id: "jbossas-0:5.1.2-10.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el5?arch=src", }, }, }, { category: "product_version", name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_id: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jboss-naming@5.0.3-4.CP01_patch_01.2.ep5.el6?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:5.1.2-10.ep5.el6.src", product: { name: "jbossas-0:5.1.2-10.ep5.el6.src", product_id: "jbossas-0:5.1.2-10.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@5.1.2-10.ep5.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", }, product_reference: "jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:5.1.2-10.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", }, product_reference: "jbossas-0:5.1.2-10.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-client-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", }, product_reference: "jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1026", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1026", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4AS-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4AS-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4AS-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.noarch", "4ES-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el4.src", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-0:5.1.2-10.ep5.el4.src", "4ES-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el4.noarch", "4ES-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el4.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.noarch", "5Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.1.ep5.el5.src", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el5.src", "5Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el5.noarch", "5Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el5.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.noarch", "6Server-JBEAP-5:jboss-naming-0:5.0.3-4.CP01_patch_01.2.ep5.el6.src", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-0:5.1.2-10.ep5.el6.src", "6Server-JBEAP-5:jbossas-client-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-messaging-0:5.1.2-10.ep5.el6.noarch", "6Server-JBEAP-5:jbossas-ws-native-0:5.1.2-10.ep5.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, ], }
rhsa-2012:1028
Vulnerability from csaf_redhat
Published
2012-06-22 01:12
Modified
2024-11-22 05:43
Summary
Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update
Notes
Topic
JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues,
various bugs, and adds enhancements is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise BRMS Platform is a business rules management system for
the management, storage, creation, modification, and deployment of JBoss
Rules. The Java Naming and Directory Interface (JNDI) Java API allows Java
software clients to locate objects or services in an application server.
This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a
replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various
bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS
Platform 5.3.0 Release Notes. The Release Notes will be available shortly
from https://docs.redhat.com/docs/en-US/index.html
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
It was found that the invoker servlets, deployed by default via
httpha-invoker, only performed access control on the HTTP GET and POST
methods, allowing remote attackers to make unauthenticated requests by
using different HTTP methods. Due to the second layer of authentication
provided by a security interceptor, this issue is not exploitable on
default installations unless an administrator has misconfigured the
security interceptor or disabled it. (CVE-2011-4085)
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying the update, back up your existing JBoss Enterprise
BRMS Platform installation (including its databases, applications,
configuration files, and so on).
All users of JBoss Enterprise BRMS Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to upgrade to JBoss Enterprise BRMS
Platform 5.3.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise BRMS Platform is a business rules management system for\nthe management, storage, creation, modification, and deployment of JBoss\nRules. The Java Naming and Directory Interface (JNDI) Java API allows Java\nsoftware clients to locate objects or services in an application server.\n\nThis release of JBoss Enterprise BRMS Platform 5.3.0 serves as a\nreplacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various\nbug fixes and enhancements which are detailed in the JBoss Enterprise BRMS\nPlatform 5.3.0 Release Notes. The Release Notes will be available shortly\nfrom https://docs.redhat.com/docs/en-US/index.html\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nIt was found that the invoker servlets, deployed by default via\nhttpha-invoker, only performed access control on the HTTP GET and POST\nmethods, allowing remote attackers to make unauthenticated requests by\nusing different HTTP methods. Due to the second layer of authentication\nprovided by a security interceptor, this issue is not exploitable on\ndefault installations unless an administrator has misconfigured the\nsecurity interceptor or disabled it. (CVE-2011-4085)\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nBRMS Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise BRMS Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise BRMS\nPlatform 5.3.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1028", url: "https://access.redhat.com/errata/RHSA-2012:1028", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions", }, { category: "external", summary: "https://docs.redhat.com/docs/en-US/index.html", url: "https://docs.redhat.com/docs/en-US/index.html", }, { category: "external", summary: "750422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=750422", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1028.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update", tracking: { current_release_date: "2024-11-22T05:43:11+00:00", generator: { date: "2024-11-22T05:43:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1028", initial_release_date: "2012-06-22T01:12:00+00:00", revision_history: [ { date: "2012-06-22T01:12:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-22T01:19:30+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:43:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JBoss Enterprise BRMS Platform 5.3", product: { name: "JBoss Enterprise BRMS Platform 5.3", product_id: "JBoss Enterprise BRMS Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2011-4085", discovery_date: "2011-10-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "750422", }, ], notes: [ { category: "description", text: "The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.", title: "Vulnerability description", }, { category: "summary", text: "Invoker servlets authentication bypass (HTTP verb tampering)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4085", }, { category: "external", summary: "RHBZ#750422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=750422", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4085", url: "https://www.cve.org/CVERecord?id=CVE-2011-4085", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4085", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4085", }, ], release_date: "2011-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Invoker servlets authentication bypass (HTTP verb tampering)", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-22T01:12:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1028", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
RHSA-2012:1109
Vulnerability from csaf_redhat
Published
2012-07-23 17:47
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Portal Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up all applications deployed on
JBoss Enterprise Portal Platform, along with all customized configuration
files.
All users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the
Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nPortal Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles.\n\nAll users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the\nRed Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1109", url: "https://access.redhat.com/errata/RHSA-2012:1109", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1109.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:17:09+00:00", generator: { date: "2024-11-22T05:17:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1109", initial_release_date: "2012-07-23T17:47:00+00:00", revision_history: [ { date: "2012-07-23T17:47:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-07-23T17:53:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 4.3", product: { name: "Red Hat JBoss Portal 4.3", product_id: "Red Hat JBoss Portal 4.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 4.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-23T17:47:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Portal 4.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1109", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 4.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012:1022
Vulnerability from csaf_redhat
Published
2012-06-20 15:56
Modified
2024-11-22 05:17
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 5.1.2 as provided from
the Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 5.1.2 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1022", url: "https://access.redhat.com/errata/RHSA-2012:1022", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1022.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:17:17+00:00", generator: { date: "2024-11-22T05:17:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1022", initial_release_date: "2012-06-20T15:56:00+00:00", revision_history: [ { date: "2012-06-20T15:56:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:45:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:17:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5.1", product: { name: "Red Hat JBoss Enterprise Application Platform 5.1", product_id: "Red Hat JBoss Enterprise Application Platform 5.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5.1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:56:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1022", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 5.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012_1024
Vulnerability from csaf_redhat
Published
2012-06-20 15:57
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes
one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided
from the Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes\none security issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided\nfrom the Red Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1024", url: "https://access.redhat.com/errata/RHSA-2012:1024", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=4.3.0.GA_CP10", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=4.3.0.GA_CP10", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1024.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:48+00:00", generator: { date: "2024-11-22T05:16:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1024", initial_release_date: "2012-06-20T15:57:00+00:00", revision_history: [ { date: "2012-06-20T15:57:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:44:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 4.3", product: { name: "Red Hat JBoss Portal 4.3", product_id: "Red Hat JBoss Portal 4.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 4.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:57:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Portal 4.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1024", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 4.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012_1025
Vulnerability from csaf_redhat
Published
2012-06-20 16:02
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
Updated jbossas packages that fix one security issue are now available for
JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat
Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat
Enterprise Linux 4 and 5 should upgrade to these updated packages, which
correct this issue. The JBoss server process must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jbossas packages that fix one security issue are now available for\nJBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat\nEnterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat\nEnterprise Linux 4 and 5 should upgrade to these updated packages, which\ncorrect this issue. The JBoss server process must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1025", url: "https://access.redhat.com/errata/RHSA-2012:1025", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1025.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:53+00:00", generator: { date: "2024-11-22T05:16:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1025", initial_release_date: "2012-06-20T16:02:00+00:00", revision_history: [ { date: "2012-06-20T16:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=src", }, }, }, { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_id: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@4.3.0-10.GA_CP10_patch_01.1.ep1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_id: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=noarch", }, }, }, { category: "product_version", name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_id: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossas-client@4.3.0-10.GA_CP10_patch_01.1.ep1.el5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", }, product_reference: "jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", }, product_reference: "jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T16:02:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1025", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el4.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-10.GA_CP10_patch_01.1.ep1.el5.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
RHSA-2012:1232
Vulnerability from csaf_redhat
Published
2012-09-05 16:26
Modified
2025-01-05 18:14
Summary
Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 update
Notes
Topic
JBoss Enterprise Portal Platform 5.2.2, which fixes multiple security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise Portal Platform is the open source implementation of the
Java EE suite of services and Portal services running atop JBoss Enterprise
Application Platform. It comprises a set of offerings for enterprise
customers who are looking for pre-configured profiles of JBoss Enterprise
Middleware components that have been tested and certified together to
provide an integrated experience.
This release of JBoss Enterprise Portal Platform 5.2.2 serves as a
replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug
fixes. Refer to the JBoss Enterprise Portal Platform 5.2.2 Release Notes
for information on the most significant of these changes. The Release Notes
will be available shortly from https://access.redhat.com/knowledge/docs/
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
It was found that the JMX Console did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the JMX Console, into visiting a specially-crafted URL,
the attacker could perform operations on MBeans, which may lead to
arbitrary code execution in the context of the JBoss server process.
(CVE-2011-2908)
A flaw was found in the way Apache POI, a Java API for manipulating files
created with a Microsoft Office application, handled memory when processing
certain Channel Definition Format (CDF) and Compound File Binary Format
(CFBF) documents. A remote attacker could provide a specially-crafted CDF
or CFBF document to an application using Apache POI, leading to a denial of
service. (CVE-2012-0213)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting the
CVE-2011-4605 issue.
Warning: Before applying this update, back up all applications deployed on
JBoss Enterprise Portal Platform, along with all customized configuration
files, and any databases and database settings.
All users of JBoss Enterprise Portal Platform 5.2.1 as provided from the
Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Portal
Platform 5.2.2.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise Portal Platform 5.2.2, which fixes multiple security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise Portal Platform is the open source implementation of the\nJava EE suite of services and Portal services running atop JBoss Enterprise\nApplication Platform. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience.\n\nThis release of JBoss Enterprise Portal Platform 5.2.2 serves as a\nreplacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug\nfixes. Refer to the JBoss Enterprise Portal Platform 5.2.2 Release Notes\nfor information on the most significant of these changes. The Release Notes\nwill be available shortly from https://access.redhat.com/knowledge/docs/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nA flaw was found in the way the Apache Xerces2 Java Parser processed the\nSYSTEM identifier in DTDs. A remote attacker could provide a\nspecially-crafted XML file, which once parsed by an application using the\nApache Xerces2 Java Parser, would lead to a denial of service (application\nhang due to excessive CPU use). (CVE-2009-2625)\n\nIt was found that the JMX Console did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the JMX Console, into visiting a specially-crafted URL,\nthe attacker could perform operations on MBeans, which may lead to\narbitrary code execution in the context of the JBoss server process.\n(CVE-2011-2908)\n\nA flaw was found in the way Apache POI, a Java API for manipulating files\ncreated with a Microsoft Office application, handled memory when processing\ncertain Channel Definition Format (CDF) and Compound File Binary Format\n(CFBF) documents. A remote attacker could provide a specially-crafted CDF\nor CFBF document to an application using Apache POI, leading to a denial of\nservice. (CVE-2012-0213)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting the\nCVE-2011-4605 issue.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles, and any databases and database settings.\n\nAll users of JBoss Enterprise Portal Platform 5.2.1 as provided from the\nRed Hat Customer Portal are advised to upgrade to JBoss Enterprise Portal\nPlatform 5.2.2.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1232", url: "https://access.redhat.com/errata/RHSA-2012:1232", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/knowledge/docs/", url: "https://access.redhat.com/knowledge/docs/", }, { category: "external", summary: "512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "730176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=730176", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "799078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=799078", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1232.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 update", tracking: { current_release_date: "2025-01-05T18:14:14+00:00", generator: { date: "2025-01-05T18:14:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2012:1232", initial_release_date: "2012-09-05T16:26:00+00:00", revision_history: [ { date: "2012-09-05T16:26:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-09-05T16:25:36+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-05T18:14:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 5.2", product: { name: "Red Hat JBoss Portal 5.2", product_id: "Red Hat JBoss Portal 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", discovery_date: "2009-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "512921", }, ], notes: [ { category: "description", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", title: "Vulnerability description", }, { category: "summary", text: "JDK: XML parsing Denial-Of-Service (6845701)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "RHBZ#512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2625", url: "https://www.cve.org/CVERecord?id=CVE-2009-2625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", }, ], release_date: "2009-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JDK: XML parsing Denial-Of-Service (6845701)", }, { cve: "CVE-2011-2908", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2007-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "730176", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "CSRF on jmx-console allows invocation of operations on mbeans", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-2908", }, { category: "external", summary: "RHBZ#730176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=730176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-2908", url: "https://www.cve.org/CVERecord?id=CVE-2011-2908", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-2908", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-2908", }, ], release_date: "2007-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CSRF on jmx-console allows invocation of operations on mbeans", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-0213", discovery_date: "2012-03-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "799078", }, ], notes: [ { category: "description", text: "The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.", title: "Vulnerability description", }, { category: "summary", text: "jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0213", }, { category: "external", summary: "RHBZ#799078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=799078", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0213", url: "https://www.cve.org/CVERecord?id=CVE-2012-0213", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0213", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0213", }, ], release_date: "2012-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
RHSA-2012:1125
Vulnerability from csaf_redhat
Published
2012-07-31 14:24
Modified
2025-01-12 19:25
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update
Notes
Topic
JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues,
various bugs, and adds enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure.
This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement
for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and
enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
A denial of service flaw was found in the implementation of associative
arrays (hashes) in JRuby. An attacker able to supply a large number of
inputs to a JRuby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, randomization
has been added to the hash function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2011-4838)
Note: JBoss Enterprise SOA Platform only provides JRuby as a dependency of
the scripting_chain quickstart example application. The CVE-2011-4838 flaw
is not exposed unless the version of JRuby shipped with that quickstart is
used by a deployed, custom application.
It was found that RESTEasy was vulnerable to XML External Entity (XXE)
attacks. If a remote attacker submitted a request containing an external
XML entity to a RESTEasy endpoint, the entity would be resolved, allowing
the attacker to read files accessible to the user running the application
server. This flaw affected DOM (Document Object Model) Document and JAXB
(Java Architecture for XML Binding) input. The fix for this issue is not
enabled by default. Refer to the Solution section for details.
(CVE-2012-0818)
Multiple flaws were found in the Oracle OpenSSO authentication and
administration components. A remote attacker could use these flaws to
affect the integrity and availability of a service that uses Oracle
OpenSSO. (CVE-2011-3506, CVE-2011-3517, CVE-2012-0079)
Note: JBoss Enterprise SOA Platform only provides Oracle OpenSSO as part of
the opensso quickstart example application. The CVE-2011-3506,
CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso
quickstart example application is deployed, or you have created and
deployed a custom application that is packaged with a copy of Oracle
OpenSSO as provided by the opensso quickstart.
The opensso quickstart has been removed in this release to address these
flaws. Users interested in continuing to receive updates for their custom
applications using Oracle OpenSSO are advised to contact Oracle as Red Hat
is no longer supporting OpenSSO.
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605, and oCERT for reporting CVE-2011-4838. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4838.
Warning: Before installing version 5.3.0, back up your existing JBoss
Enterprise SOA Platform installation (including its databases,
applications, configuration files, and so on).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement\nfor JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and\nenhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in JRuby. An attacker able to supply a large number of\ninputs to a JRuby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, randomization\nhas been added to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2011-4838)\n\nNote: JBoss Enterprise SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2011-4838 flaw\nis not exposed unless the version of JRuby shipped with that quickstart is\nused by a deployed, custom application.\n\nIt was found that RESTEasy was vulnerable to XML External Entity (XXE)\nattacks. If a remote attacker submitted a request containing an external\nXML entity to a RESTEasy endpoint, the entity would be resolved, allowing\nthe attacker to read files accessible to the user running the application\nserver. This flaw affected DOM (Document Object Model) Document and JAXB\n(Java Architecture for XML Binding) input. The fix for this issue is not\nenabled by default. Refer to the Solution section for details.\n(CVE-2012-0818)\n\nMultiple flaws were found in the Oracle OpenSSO authentication and\nadministration components. A remote attacker could use these flaws to\naffect the integrity and availability of a service that uses Oracle\nOpenSSO. (CVE-2011-3506, CVE-2011-3517, CVE-2012-0079)\n\nNote: JBoss Enterprise SOA Platform only provides Oracle OpenSSO as part of\nthe opensso quickstart example application. The CVE-2011-3506,\nCVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso\nquickstart example application is deployed, or you have created and\ndeployed a custom application that is packaged with a copy of Oracle\nOpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in this release to address these\nflaws. Users interested in continuing to receive updates for their custom\napplications using Oracle OpenSSO are advised to contact Oracle as Red Hat\nis no longer supporting OpenSSO.\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605, and oCERT for reporting CVE-2011-4838. oCERT\nacknowledges Julian Wälde and Alexander Klink as the original reporters of\nCVE-2011-4838.\n\nWarning: Before installing version 5.3.0, back up your existing JBoss\nEnterprise SOA Platform installation (including its databases,\napplications, configuration files, and so on).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1125", url: "https://access.redhat.com/errata/RHSA-2012:1125", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", url: "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", }, { category: "external", summary: "785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://access.redhat.com/knowledge/docs/", url: "https://access.redhat.com/knowledge/docs/", }, { category: "external", summary: "749078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749078", }, { category: "external", summary: "749079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749079", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "770820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=770820", }, { category: "external", summary: "783898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=783898", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1125.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update", tracking: { current_release_date: "2025-01-12T19:25:02+00:00", generator: { date: "2025-01-12T19:25:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2012:1125", initial_release_date: "2012-07-31T14:24:00+00:00", revision_history: [ { date: "2012-07-31T14:24:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-07-31T14:32:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-12T19:25:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 5.3", product: { name: "Red Hat JBoss SOA Platform 5.3", product_id: "Red Hat JBoss SOA Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_soa_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2011-3506", discovery_date: "2011-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "749078", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: unspecified vulnerability in the authentication component", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-3506", }, { category: "external", summary: "RHBZ#749078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749078", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-3506", url: "https://www.cve.org/CVERecord?id=CVE-2011-3506", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-3506", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-3506", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: unspecified vulnerability in the authentication component", }, { cve: "CVE-2011-3517", discovery_date: "2011-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "749079", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: unspecified vulnerability in the authentication component", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-3517", }, { category: "external", summary: "RHBZ#749079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-3517", url: "https://www.cve.org/CVERecord?id=CVE-2011-3517", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-3517", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-3517", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: unspecified vulnerability in the authentication component", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2011-4838", discovery_date: "2011-11-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "770820", }, ], notes: [ { category: "description", text: "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", title: "Vulnerability description", }, { category: "summary", text: "jruby: hash table collisions DoS (oCERT-2011-003)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4838", }, { category: "external", summary: "RHBZ#770820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=770820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4838", url: "https://www.cve.org/CVERecord?id=CVE-2011-4838", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4838", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4838", }, ], release_date: "2011-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jruby: hash table collisions DoS (oCERT-2011-003)", }, { cve: "CVE-2011-5245", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2012-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "785631", }, ], notes: [ { category: "description", text: "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: XML eXternal Entity (XXE) flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-5245", }, { category: "external", summary: "RHBZ#785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-5245", url: "https://www.cve.org/CVERecord?id=CVE-2011-5245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-5245", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-5245", }, ], release_date: "2011-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "RESTEasy: XML eXternal Entity (XXE) flaw", }, { cve: "CVE-2012-0079", discovery_date: "2012-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "783898", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0079", }, { category: "external", summary: "RHBZ#783898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=783898", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0079", url: "https://www.cve.org/CVERecord?id=CVE-2012-0079", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0079", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0079", }, ], release_date: "2012-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors", }, { cve: "CVE-2012-0818", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2012-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "785631", }, ], notes: [ { category: "description", text: "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: XML eXternal Entity (XXE) flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0818", }, { category: "external", summary: "RHBZ#785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0818", url: "https://www.cve.org/CVERecord?id=CVE-2012-0818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0818", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0818", }, ], release_date: "2011-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "RESTEasy: XML eXternal Entity (XXE) flaw", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
rhsa-2012:1125
Vulnerability from csaf_redhat
Published
2012-07-31 14:24
Modified
2025-01-12 19:25
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update
Notes
Topic
JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues,
various bugs, and adds enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure.
This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement
for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and
enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
A denial of service flaw was found in the implementation of associative
arrays (hashes) in JRuby. An attacker able to supply a large number of
inputs to a JRuby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, randomization
has been added to the hash function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2011-4838)
Note: JBoss Enterprise SOA Platform only provides JRuby as a dependency of
the scripting_chain quickstart example application. The CVE-2011-4838 flaw
is not exposed unless the version of JRuby shipped with that quickstart is
used by a deployed, custom application.
It was found that RESTEasy was vulnerable to XML External Entity (XXE)
attacks. If a remote attacker submitted a request containing an external
XML entity to a RESTEasy endpoint, the entity would be resolved, allowing
the attacker to read files accessible to the user running the application
server. This flaw affected DOM (Document Object Model) Document and JAXB
(Java Architecture for XML Binding) input. The fix for this issue is not
enabled by default. Refer to the Solution section for details.
(CVE-2012-0818)
Multiple flaws were found in the Oracle OpenSSO authentication and
administration components. A remote attacker could use these flaws to
affect the integrity and availability of a service that uses Oracle
OpenSSO. (CVE-2011-3506, CVE-2011-3517, CVE-2012-0079)
Note: JBoss Enterprise SOA Platform only provides Oracle OpenSSO as part of
the opensso quickstart example application. The CVE-2011-3506,
CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso
quickstart example application is deployed, or you have created and
deployed a custom application that is packaged with a copy of Oracle
OpenSSO as provided by the opensso quickstart.
The opensso quickstart has been removed in this release to address these
flaws. Users interested in continuing to receive updates for their custom
applications using Oracle OpenSSO are advised to contact Oracle as Red Hat
is no longer supporting OpenSSO.
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605, and oCERT for reporting CVE-2011-4838. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4838.
Warning: Before installing version 5.3.0, back up your existing JBoss
Enterprise SOA Platform installation (including its databases,
applications, configuration files, and so on).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement\nfor JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and\nenhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in JRuby. An attacker able to supply a large number of\ninputs to a JRuby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, randomization\nhas been added to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2011-4838)\n\nNote: JBoss Enterprise SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2011-4838 flaw\nis not exposed unless the version of JRuby shipped with that quickstart is\nused by a deployed, custom application.\n\nIt was found that RESTEasy was vulnerable to XML External Entity (XXE)\nattacks. If a remote attacker submitted a request containing an external\nXML entity to a RESTEasy endpoint, the entity would be resolved, allowing\nthe attacker to read files accessible to the user running the application\nserver. This flaw affected DOM (Document Object Model) Document and JAXB\n(Java Architecture for XML Binding) input. The fix for this issue is not\nenabled by default. Refer to the Solution section for details.\n(CVE-2012-0818)\n\nMultiple flaws were found in the Oracle OpenSSO authentication and\nadministration components. A remote attacker could use these flaws to\naffect the integrity and availability of a service that uses Oracle\nOpenSSO. (CVE-2011-3506, CVE-2011-3517, CVE-2012-0079)\n\nNote: JBoss Enterprise SOA Platform only provides Oracle OpenSSO as part of\nthe opensso quickstart example application. The CVE-2011-3506,\nCVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso\nquickstart example application is deployed, or you have created and\ndeployed a custom application that is packaged with a copy of Oracle\nOpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in this release to address these\nflaws. Users interested in continuing to receive updates for their custom\napplications using Oracle OpenSSO are advised to contact Oracle as Red Hat\nis no longer supporting OpenSSO.\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting\nCVE-2011-4605, and oCERT for reporting CVE-2011-4838. oCERT\nacknowledges Julian Wälde and Alexander Klink as the original reporters of\nCVE-2011-4838.\n\nWarning: Before installing version 5.3.0, back up your existing JBoss\nEnterprise SOA Platform installation (including its databases,\napplications, configuration files, and so on).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1125", url: "https://access.redhat.com/errata/RHSA-2012:1125", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", url: "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", }, { category: "external", summary: "785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://access.redhat.com/knowledge/docs/", url: "https://access.redhat.com/knowledge/docs/", }, { category: "external", summary: "749078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749078", }, { category: "external", summary: "749079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749079", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "770820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=770820", }, { category: "external", summary: "783898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=783898", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1125.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update", tracking: { current_release_date: "2025-01-12T19:25:02+00:00", generator: { date: "2025-01-12T19:25:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2012:1125", initial_release_date: "2012-07-31T14:24:00+00:00", revision_history: [ { date: "2012-07-31T14:24:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-07-31T14:32:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-12T19:25:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 5.3", product: { name: "Red Hat JBoss SOA Platform 5.3", product_id: "Red Hat JBoss SOA Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_soa_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2011-3506", discovery_date: "2011-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "749078", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: unspecified vulnerability in the authentication component", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-3506", }, { category: "external", summary: "RHBZ#749078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749078", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-3506", url: "https://www.cve.org/CVERecord?id=CVE-2011-3506", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-3506", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-3506", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: unspecified vulnerability in the authentication component", }, { cve: "CVE-2011-3517", discovery_date: "2011-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "749079", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: unspecified vulnerability in the authentication component", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-3517", }, { category: "external", summary: "RHBZ#749079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=749079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-3517", url: "https://www.cve.org/CVERecord?id=CVE-2011-3517", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-3517", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-3517", }, { category: "external", summary: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: unspecified vulnerability in the authentication component", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2011-4838", discovery_date: "2011-11-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "770820", }, ], notes: [ { category: "description", text: "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", title: "Vulnerability description", }, { category: "summary", text: "jruby: hash table collisions DoS (oCERT-2011-003)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4838", }, { category: "external", summary: "RHBZ#770820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=770820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4838", url: "https://www.cve.org/CVERecord?id=CVE-2011-4838", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4838", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4838", }, ], release_date: "2011-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jruby: hash table collisions DoS (oCERT-2011-003)", }, { cve: "CVE-2011-5245", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2012-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "785631", }, ], notes: [ { category: "description", text: "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: XML eXternal Entity (XXE) flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-5245", }, { category: "external", summary: "RHBZ#785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-5245", url: "https://www.cve.org/CVERecord?id=CVE-2011-5245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-5245", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-5245", }, ], release_date: "2011-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "RESTEasy: XML eXternal Entity (XXE) flaw", }, { cve: "CVE-2012-0079", discovery_date: "2012-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "783898", }, ], notes: [ { category: "description", text: "Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.", title: "Vulnerability description", }, { category: "summary", text: "OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors", title: "Vulnerability summary", }, { category: "other", text: "Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.\n\nThe opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0079", }, { category: "external", summary: "RHBZ#783898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=783898", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0079", url: "https://www.cve.org/CVERecord?id=CVE-2012-0079", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0079", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0079", }, ], release_date: "2012-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors", }, { cve: "CVE-2012-0818", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2012-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "785631", }, ], notes: [ { category: "description", text: "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: XML eXternal Entity (XXE) flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0818", }, { category: "external", summary: "RHBZ#785631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=785631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0818", url: "https://www.cve.org/CVERecord?id=CVE-2012-0818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0818", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0818", }, ], release_date: "2011-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "RESTEasy: XML eXternal Entity (XXE) flaw", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-07-31T14:24:00+00:00", details: "All users of JBoss Enterprise SOA Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the new version). Before installing version 5.3.0, back\nup your existing JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nThe fix for CVE-2012-0818 is not enabled by default. This update adds a new\nconfiguration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1125", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
RHSA-2012:1024
Vulnerability from csaf_redhat
Published
2012-06-20 15:57
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes
one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided
from the Red Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes\none security issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided\nfrom the Red Hat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1024", url: "https://access.redhat.com/errata/RHSA-2012:1024", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=4.3.0.GA_CP10", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=4.3.0.GA_CP10", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1024.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:48+00:00", generator: { date: "2024-11-22T05:16:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1024", initial_release_date: "2012-06-20T15:57:00+00:00", revision_history: [ { date: "2012-06-20T15:57:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:44:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 4.3", product: { name: "Red Hat JBoss Portal 4.3", product_id: "Red Hat JBoss Portal 4.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 4.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:57:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Portal 4.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1024", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 4.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012:1023
Vulnerability from csaf_redhat
Published
2012-06-20 15:57
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security
issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise Web
Platform, providing the core server components. The Java Naming and
Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise Web
Platform's "jboss-as-web/server/[PROFILE]/deploy/" directory and any other
customized configuration files.
All users of JBoss Enterprise Web Platform 5.1.2 as provided from the Red
Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security\nissue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"jboss-as-web/server/[PROFILE]/deploy/\" directory and any other\ncustomized configuration files.\n\nAll users of JBoss Enterprise Web Platform 5.1.2 as provided from the Red\nHat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1023", url: "https://access.redhat.com/errata/RHSA-2012:1023", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1023.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:39+00:00", generator: { date: "2024-11-22T05:16:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1023", initial_release_date: "2012-06-20T15:57:00+00:00", revision_history: [ { date: "2012-06-20T15:57:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5.1", product: { name: "Red Hat JBoss Web Platform 5.1", product_id: "Red Hat JBoss Web Platform 5.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5.1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Platform 5.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:57:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Platform 5.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1023", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Platform 5.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
RHSA-2012:1295
Vulnerability from csaf_redhat
Published
2012-09-19 17:41
Modified
2024-11-22 05:27
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update
Notes
Topic
An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that
fixes one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure. JBoss Enterprise SOA Platform allows IT
to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future
(EDA and CEP) integration methodologies to dramatically improve business
process execution speed and quality. The Java Naming and Directory
Interface (JNDI) Java API allows Java software clients to locate objects or
services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
All users of JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 as
provided from the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that\nfixes one security issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality. The Java Naming and Directory\nInterface (JNDI) Java API allows Java software clients to locate objects or\nservices in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nAll users of JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 as\nprovided from the Red Hat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1295", url: "https://access.redhat.com/errata/RHSA-2012:1295", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=soaplatform&version=4.2.0.GA_CP05", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=soaplatform&version=4.2.0.GA_CP05", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1295.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update", tracking: { current_release_date: "2024-11-22T05:27:48+00:00", generator: { date: "2024-11-22T05:27:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1295", initial_release_date: "2012-09-19T17:41:00+00:00", revision_history: [ { date: "2012-09-19T17:41:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-09-19T17:51:11+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:27:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 4.2", product: { name: "Red Hat JBoss SOA Platform 4.2", product_id: "Red Hat JBoss SOA Platform 4.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_soa_platform:4.2", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 4.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-19T17:41:00+00:00", details: "The References section of this erratum contains download links (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 4.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1295", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 4.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
rhsa-2012_1232
Vulnerability from csaf_redhat
Published
2012-09-05 16:26
Modified
2024-11-22 05:43
Summary
Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 update
Notes
Topic
JBoss Enterprise Portal Platform 5.2.2, which fixes multiple security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise Portal Platform is the open source implementation of the
Java EE suite of services and Portal services running atop JBoss Enterprise
Application Platform. It comprises a set of offerings for enterprise
customers who are looking for pre-configured profiles of JBoss Enterprise
Middleware components that have been tested and certified together to
provide an integrated experience.
This release of JBoss Enterprise Portal Platform 5.2.2 serves as a
replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug
fixes. Refer to the JBoss Enterprise Portal Platform 5.2.2 Release Notes
for information on the most significant of these changes. The Release Notes
will be available shortly from https://access.redhat.com/knowledge/docs/
The following security issues are also fixed with this release:
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
It was found that the JMX Console did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the JMX Console, into visiting a specially-crafted URL,
the attacker could perform operations on MBeans, which may lead to
arbitrary code execution in the context of the JBoss server process.
(CVE-2011-2908)
A flaw was found in the way Apache POI, a Java API for manipulating files
created with a Microsoft Office application, handled memory when processing
certain Channel Definition Format (CDF) and Compound File Binary Format
(CFBF) documents. A remote attacker could provide a specially-crafted CDF
or CFBF document to an application using Apache POI, leading to a denial of
service. (CVE-2012-0213)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
When a JGroups channel is started, the JGroups diagnostics service would be
enabled by default with no authentication. This service is exposed via IP
multicast. An attacker on an adjacent network could exploit this flaw to
read diagnostics information. (CVE-2012-2377)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting the
CVE-2011-4605 issue.
Warning: Before applying this update, back up all applications deployed on
JBoss Enterprise Portal Platform, along with all customized configuration
files, and any databases and database settings.
All users of JBoss Enterprise Portal Platform 5.2.1 as provided from the
Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Portal
Platform 5.2.2.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Enterprise Portal Platform 5.2.2, which fixes multiple security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "JBoss Enterprise Portal Platform is the open source implementation of the\nJava EE suite of services and Portal services running atop JBoss Enterprise\nApplication Platform. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience.\n\nThis release of JBoss Enterprise Portal Platform 5.2.2 serves as a\nreplacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug\nfixes. Refer to the JBoss Enterprise Portal Platform 5.2.2 Release Notes\nfor information on the most significant of these changes. The Release Notes\nwill be available shortly from https://access.redhat.com/knowledge/docs/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nA flaw was found in the way the Apache Xerces2 Java Parser processed the\nSYSTEM identifier in DTDs. A remote attacker could provide a\nspecially-crafted XML file, which once parsed by an application using the\nApache Xerces2 Java Parser, would lead to a denial of service (application\nhang due to excessive CPU use). (CVE-2009-2625)\n\nIt was found that the JMX Console did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the JMX Console, into visiting a specially-crafted URL,\nthe attacker could perform operations on MBeans, which may lead to\narbitrary code execution in the context of the JBoss server process.\n(CVE-2011-2908)\n\nA flaw was found in the way Apache POI, a Java API for manipulating files\ncreated with a Microsoft Office application, handled memory when processing\ncertain Channel Definition Format (CDF) and Compound File Binary Format\n(CFBF) documents. A remote attacker could provide a specially-crafted CDF\nor CFBF document to an application using Apache POI, leading to a denial of\nservice. (CVE-2012-0213)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nWhen a JGroups channel is started, the JGroups diagnostics service would be\nenabled by default with no authentication. This service is exposed via IP\nmulticast. An attacker on an adjacent network could exploit this flaw to\nread diagnostics information. (CVE-2012-2377)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting the\nCVE-2011-4605 issue.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles, and any databases and database settings.\n\nAll users of JBoss Enterprise Portal Platform 5.2.1 as provided from the\nRed Hat Customer Portal are advised to upgrade to JBoss Enterprise Portal\nPlatform 5.2.2.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1232", url: "https://access.redhat.com/errata/RHSA-2012:1232", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/knowledge/docs/", url: "https://access.redhat.com/knowledge/docs/", }, { category: "external", summary: "512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "730176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=730176", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "799078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=799078", }, { category: "external", summary: "802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1232.json", }, ], title: "Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 update", tracking: { current_release_date: "2024-11-22T05:43:34+00:00", generator: { date: "2024-11-22T05:43:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1232", initial_release_date: "2012-09-05T16:26:00+00:00", revision_history: [ { date: "2012-09-05T16:26:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-09-05T16:25:36+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:43:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Portal 5.2", product: { name: "Red Hat JBoss Portal 5.2", product_id: "Red Hat JBoss Portal 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", discovery_date: "2009-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "512921", }, ], notes: [ { category: "description", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", title: "Vulnerability description", }, { category: "summary", text: "JDK: XML parsing Denial-Of-Service (6845701)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "RHBZ#512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2625", url: "https://www.cve.org/CVERecord?id=CVE-2009-2625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", }, ], release_date: "2009-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JDK: XML parsing Denial-Of-Service (6845701)", }, { cve: "CVE-2011-2908", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2007-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "730176", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "CSRF on jmx-console allows invocation of operations on mbeans", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-2908", }, { category: "external", summary: "RHBZ#730176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=730176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-2908", url: "https://www.cve.org/CVERecord?id=CVE-2011-2908", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-2908", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-2908", }, ], release_date: "2007-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CSRF on jmx-console allows invocation of operations on mbeans", }, { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, { cve: "CVE-2012-0213", discovery_date: "2012-03-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "799078", }, ], notes: [ { category: "description", text: "The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.", title: "Vulnerability description", }, { category: "summary", text: "jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-0213", }, { category: "external", summary: "RHBZ#799078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=799078", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-0213", url: "https://www.cve.org/CVERecord?id=CVE-2012-0213", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-0213", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-0213", }, ], release_date: "2012-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files", }, { cve: "CVE-2012-1167", discovery_date: "2012-03-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "802622", }, ], notes: [ { category: "description", text: "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", title: "Vulnerability description", }, { category: "summary", text: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-1167", }, { category: "external", summary: "RHBZ#802622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=802622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-1167", url: "https://www.cve.org/CVERecord?id=CVE-2012-1167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1167", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm", }, { acknowledgments: [ { summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2012-2377", discovery_date: "2012-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "823392", }, ], notes: [ { category: "description", text: "JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.", title: "Vulnerability description", }, { category: "summary", text: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Portal 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-2377", }, { category: "external", summary: "RHBZ#823392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=823392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-2377", url: "https://www.cve.org/CVERecord?id=CVE-2012-2377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2377", }, ], release_date: "2012-06-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-09-05T16:26:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", product_ids: [ "Red Hat JBoss Portal 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1232", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss Portal 5.2", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started", }, ], }
RHSA-2012:1023
Vulnerability from csaf_redhat
Published
2012-06-20 15:57
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: jbossas security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security
issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
JBoss Application Server is the base package for JBoss Enterprise Web
Platform, providing the core server components. The Java Naming and
Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this
issue.
Warning: Before applying this update, back up your JBoss Enterprise Web
Platform's "jboss-as-web/server/[PROFILE]/deploy/" directory and any other
customized configuration files.
All users of JBoss Enterprise Web Platform 5.1.2 as provided from the Red
Hat Customer Portal are advised to install this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security\nissue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", title: "Topic", }, { category: "general", text: "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schlüter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"jboss-as-web/server/[PROFILE]/deploy/\" directory and any other\ncustomized configuration files.\n\nAll users of JBoss Enterprise Web Platform 5.1.2 as provided from the Red\nHat Customer Portal are advised to install this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2012:1023", url: "https://access.redhat.com/errata/RHSA-2012:1023", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2", }, { category: "external", summary: "766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1023.json", }, ], title: "Red Hat Security Advisory: jbossas security update", tracking: { current_release_date: "2024-11-22T05:16:39+00:00", generator: { date: "2024-11-22T05:16:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2012:1023", initial_release_date: "2012-06-20T15:57:00+00:00", revision_history: [ { date: "2012-06-20T15:57:00+00:00", number: "1", summary: "Initial version", }, { date: "2012-06-20T16:02:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T05:16:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5.1", product: { name: "Red Hat JBoss Web Platform 5.1", product_id: "Red Hat JBoss Web Platform 5.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5.1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Christian Schlüter", ], organization: "VIADA", }, ], cve: "CVE-2011-4605", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2011-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "766469", }, ], notes: [ { category: "description", text: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "JNDI: unauthenticated remote write access is permitted by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Platform 5.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { category: "external", summary: "RHBZ#766469", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-4605", url: "https://www.cve.org/CVERecord?id=CVE-2011-4605", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, ], release_date: "2012-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2012-06-20T15:57:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Platform 5.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2012:1023", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Platform 5.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "JNDI: unauthenticated remote write access is permitted by default", }, ], }
fkie_cve-2011-4605
Vulnerability from fkie_nvd
Published
2012-11-23 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 5.1.2 | |
| redhat | jboss_enterprise_brms_platform | * | |
| redhat | jboss_enterprise_portal_platform | 4.3.0 | |
| redhat | jboss_enterprise_portal_platform | 5.2.0 | |
| redhat | jboss_enterprise_portal_platform | 5.2.1 | |
| redhat | jboss_enterprise_soa_platform | 4.2.0 | |
| redhat | jboss_enterprise_soa_platform | 4.3.0 | |
| redhat | jboss_enterprise_web_platform | 5.1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*", matchCriteriaId: "424C0428-6E78-42B2-B77A-921116528D06", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8A785F07-9B76-4153-B676-29C9682B2F73", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "E867ECA4-43A5-4424-B703-437991A1C58A", versionEndIncluding: "5.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*", matchCriteriaId: "C9C9C8B4-693E-4777-BC31-5933147DFC54", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "D66D2843-0273-4A3A-A9D1-48BBB15031B7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "6572BFDD-0A35-48CC-99A1-2BDE27BABB62", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*", matchCriteriaId: "4EF1898E-1A25-442B-865F-1C27B9E5F0D1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*", matchCriteriaId: "67BD448A-745D-4387-ABC8-A18DF142574D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "4C534793-58E0-45B9-84D7-D21E1C4C9F7B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", }, { lang: "es", value: "El (1) servicio JNDI, (2) servicio HA-JNDI, y (3) servlet HAJNDIFactory en JBoss Enterprise Application Platform v4.3.0 CP10 y v5.1.2, Web Platform v5.1.2, SOA Platform v4.2.0.CP05 y v4.3.0.CP05, Portal Platform 4.3 CP07 y v5.2.x anterior a v5.2.2, y BRMS Platform anterior v5.3.0 no restringe correctamente el acceso de escritura, permitiendo a atacantes remotos añadir, borrar o modificar elementos en un árbol JNDI mediante vectores desconocidos.", }, ], id: "CVE-2011-4605", lastModified: "2024-11-21T01:32:38.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-23T20:55:01.993", references: [ { source: "secalert@redhat.com", url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49656", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49658", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50084", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50549", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/54644", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1027501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/54644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1027501", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2011-4605
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
Aliases
Aliases
{ GSD: { alias: "CVE-2011-4605", description: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", id: "GSD-2011-4605", references: [ "https://access.redhat.com/errata/RHSA-2012:1295", "https://access.redhat.com/errata/RHSA-2012:1232", "https://access.redhat.com/errata/RHSA-2012:1125", "https://access.redhat.com/errata/RHSA-2012:1109", "https://access.redhat.com/errata/RHSA-2012:1028", "https://access.redhat.com/errata/RHSA-2012:1027", "https://access.redhat.com/errata/RHSA-2012:1026", "https://access.redhat.com/errata/RHSA-2012:1025", "https://access.redhat.com/errata/RHSA-2012:1024", "https://access.redhat.com/errata/RHSA-2012:1023", "https://access.redhat.com/errata/RHSA-2012:1022", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2011-4605", ], details: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", id: "GSD-2011-4605", modified: "2023-12-13T01:19:05.363715Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2011-4605", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_affected: "=", version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { name: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", refsource: "MISC", url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { name: "http://secunia.com/advisories/49656", refsource: "MISC", url: "http://secunia.com/advisories/49656", }, { name: "http://secunia.com/advisories/49658", refsource: "MISC", url: "http://secunia.com/advisories/49658", }, { name: "http://secunia.com/advisories/50084", refsource: "MISC", url: "http://secunia.com/advisories/50084", }, { name: "http://secunia.com/advisories/50549", refsource: "MISC", url: "http://secunia.com/advisories/50549", }, { name: "http://www.securityfocus.com/bid/54644", refsource: "MISC", url: "http://www.securityfocus.com/bid/54644", }, { name: "http://www.securitytracker.com/id?1027501", refsource: "MISC", url: "http://www.securitytracker.com/id?1027501", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[5.0.3.GA_CP01]", affected_versions: "Version 5.0.3.GA_CP01", cvss_v2: "AV:N/AC:L/Au:N/C:P/I:P/A:P", cwe_ids: [ "CWE-1035", "CWE-264", "CWE-937", ], date: "2013-04-01", description: "The JNDI service does not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", fixed_versions: [], identifier: "CVE-2011-4605", identifiers: [ "CVE-2011-4605", ], package_slug: "maven/org.jboss.naming/jnpserver", pubdate: "2012-11-23", solution: "Unfortunately, there is no solution available yet.", title: "Improper Access Control", urls: [], uuid: "2af73b88-750f-49ef-a313-72efe5bdaccd", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "5.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2011-4605", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-264", }, ], }, ], }, references: { reference_data: [ { name: "49658", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49658", }, { name: "RHSA-2012:1028", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { name: "RHSA-2012:1025", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { name: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", refsource: "MISC", tags: [], url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { name: "RHSA-2012:1022", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { name: "RHSA-2012:1023", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { name: "49656", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49656", }, { name: "50549", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50549", }, { name: "RHSA-2012:1027", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { name: "50084", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50084", }, { name: "RHSA-2012:1125", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, { name: "RHSA-2012:1295", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { name: "RHSA-2012:1024", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { name: "RHSA-2012:1232", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { name: "RHSA-2012:1109", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { name: "1027501", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id?1027501", }, { name: "RHSA-2012:1026", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { name: "54644", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/54644", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, }, lastModifiedDate: "2023-02-13T00:22Z", publishedDate: "2012-11-23T20:55Z", }, }, }
ghsa-985p-jvqf-v48m
Vulnerability from github
Published
2022-05-17 05:12
Modified
2022-05-17 05:12
Details
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
{ affected: [], aliases: [ "CVE-2011-4605", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2012-11-23T20:55:00Z", severity: "HIGH", }, details: "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", id: "GHSA-985p-jvqf-v48m", modified: "2022-05-17T05:12:27Z", published: "2022-05-17T05:12:27Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4605", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1022", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1023", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1024", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1025", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1026", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1027", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1028", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1109", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1125", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1232", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2012:1295", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2011-4605", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=766469", }, { type: "WEB", url: "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1022.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1023.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1024.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1025.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1026.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1027.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1028.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1109.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1125.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1232.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2012-1295.html", }, { type: "WEB", url: "http://secunia.com/advisories/49656", }, { type: "WEB", url: "http://secunia.com/advisories/49658", }, { type: "WEB", url: "http://secunia.com/advisories/50084", }, { type: "WEB", url: "http://secunia.com/advisories/50549", }, { type: "WEB", url: "http://www.securityfocus.com/bid/54644", }, { type: "WEB", url: "http://www.securitytracker.com/id?1027501", }, ], schema_version: "1.4.0", severity: [], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.