rhsa-2015_1907
Vulnerability from csaf_redhat
Published
2015-10-15 15:28
Modified
2024-11-22 09:24
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 jboss-ec2-eap update
Notes
Topic
Updated jboss-ec2-eap packages that fix three security issues, several
bugs, and add various enhancements are now available for Red Hat JBoss
Enterprise Application Platform 6.4.4 on Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was discovered that sending requests containing large headers to the Web
Console produced a Java OutOfMemoryError in the HTTP management interface.
An attacker could use this flaw to cause a denial of service.
(CVE-2015-5220)
It was discovered that the EAP Management Console could be opened in an
IFRAME, which made it possible to intercept and manipulate requests.
An attacker could use this flaw to trick a user into performing arbitrary
actions in the Console (clickjacking). (CVE-2015-5178)
Note: Resolving this issue required a change in the way http requests are
sent in the Console; this change may affect users. See the Release Notes
linked to in the References section for details about this change.
It was discovered that when uploading a file using a multipart/form-data
submission to the EAP Web Console, the Console was vulnerable to Cross-Site
Request Forgery (CSRF). This meant that an attacker could use the flaw
together with a forgery attack to make changes to an authenticated
instance. (CVE-2015-5188)
The CVE-2015-5220 issue was discovered by Aaron Ogburn of Red Hat GSS
Middleware Team, and the CVE-2015-5188 issue was discovered by Jason Greene
of the Red Hat Middleware Engineering Team.
* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise
Application Platform running on the Amazon Web Services (AWS) Elastic
Compute Cloud (EC2). With this update, the packages have been updated to
ensure compatibility with Red Hat JBoss Enterprise Application Platform
6.4.4. Documentation for these changes is available from the link in the
References section.
All jboss-ec2-eap users of Red Hat JBoss Enterprise Application Platform
6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated jboss-ec2-eap packages that fix three security issues, several\nbugs, and add various enhancements are now available for Red Hat JBoss\nEnterprise Application Platform 6.4.4 on Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that sending requests containing large headers to the Web\nConsole produced a Java OutOfMemoryError in the HTTP management interface.\nAn attacker could use this flaw to cause a denial of service.\n(CVE-2015-5220)\n\nIt was discovered that the EAP Management Console could be opened in an\nIFRAME, which made it possible to intercept and manipulate requests.\nAn attacker could use this flaw to trick a user into performing arbitrary\nactions in the Console (clickjacking). (CVE-2015-5178)\n\nNote: Resolving this issue required a change in the way http requests are\nsent in the Console; this change may affect users. See the Release Notes\nlinked to in the References section for details about this change.\n\nIt was discovered that when uploading a file using a multipart/form-data\nsubmission to the EAP Web Console, the Console was vulnerable to Cross-Site\nRequest Forgery (CSRF). This meant that an attacker could use the flaw\ntogether with a forgery attack to make changes to an authenticated\ninstance. (CVE-2015-5188)\n\nThe CVE-2015-5220 issue was discovered by Aaron Ogburn of Red Hat GSS\nMiddleware Team, and the CVE-2015-5188 issue was discovered by Jason Greene\nof the Red Hat Middleware Engineering Team.\n\n* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise\nApplication Platform running on the Amazon Web Services (AWS) Elastic\nCompute Cloud (EC2). With this update, the packages have been updated to\nensure compatibility with Red Hat JBoss Enterprise Application Platform\n6.4.4. Documentation for these changes is available from the link in the\nReferences section.\n\nAll jboss-ec2-eap users of Red Hat JBoss Enterprise Application Platform\n6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1907",
"url": "https://access.redhat.com/errata/RHSA-2015:1907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1250552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552"
},
{
"category": "external",
"summary": "1252885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252885"
},
{
"category": "external",
"summary": "1255597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255597"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1907.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 jboss-ec2-eap update",
"tracking": {
"current_release_date": "2024-11-22T09:24:36+00:00",
"generator": {
"date": "2024-11-22T09:24:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:1907",
"initial_release_date": "2015-10-15T15:28:38+00:00",
"revision_history": [
{
"date": "2015-10-15T15:28:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-10-15T15:28:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:24:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"product": {
"name": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"product_id": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.4-1.Final_redhat_4.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"product": {
"name": "jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"product_id": "jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap-samples@7.5.4-1.Final_redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"product": {
"name": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"product_id": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.4-1.Final_redhat_4.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
},
"product_reference": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src"
},
"product_reference": "jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
},
"product_reference": "jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5178",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1250552"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "AS/WildFly: missing X-Frame-Options header leading to clickjacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5178"
},
{
"category": "external",
"summary": "RHBZ#1250552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5178"
}
],
"release_date": "2015-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-15T15:28:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, make sure to back up any\nmodified configuration files, deployments, and all user data.\nAfter applying the update, restart the instance of Red Hat JBoss Enterprise\nApplication Platform for the changes to take effect.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1907"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "AS/WildFly: missing X-Frame-Options header leading to clickjacking"
},
{
"acknowledgments": [
{
"names": [
"Jason Greene"
],
"organization": "Red Hat Middleware Engineering Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5188",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1252885"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: CSRF vulnerability in EAP \u0026 WildFly Web Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5188"
},
{
"category": "external",
"summary": "RHBZ#1252885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252885"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5188"
}
],
"release_date": "2015-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-15T15:28:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, make sure to back up any\nmodified configuration files, deployments, and all user data.\nAfter applying the update, restart the instance of Red Hat JBoss Enterprise\nApplication Platform for the changes to take effect.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1907"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: CSRF vulnerability in EAP \u0026 WildFly Web Console"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat GSS Middleware Tea",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5220",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2015-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1255597"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OOME from EAP 6 http management console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5220"
},
{
"category": "external",
"summary": "RHBZ#1255597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5220"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5220"
}
],
"release_date": "2015-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-15T15:28:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, make sure to back up any\nmodified configuration files, deployments, and all user data.\nAfter applying the update, restart the instance of Red Hat JBoss Enterprise\nApplication Platform for the changes to take effect.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1907"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.4-1.Final_redhat_4.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.4-1.Final_redhat_4.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OOME from EAP 6 http management console"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.