The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues :
Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks.
(CVE-2012-3499)
Flaws in the web interface of the mod_proxy_balancer module can allow a remote attacker to perform XSS attacks. (CVE-2012-4558)
A flaw in mod_rewrite can allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
(CVE-2013-1862)
A flaw in the method by which the mod_dav module handles merge requests can allow an attacker to create a denial of service by sending a crafted merge request that contains URIs that are not configured for DAV.
(CVE-2013-1896)
A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file.
(CVE-2013-1921)
A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172)
A flaw in JGroup’s DiagnosticsHandler can allow remote attackers to obtain sensitive information and execute arbitrary code by re-using valid credentials.
(CVE-2013-4112)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72238);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2012-3499",
"CVE-2012-4558",
"CVE-2013-1862",
"CVE-2013-1896",
"CVE-2013-1921",
"CVE-2013-2172",
"CVE-2013-4112"
);
script_bugtraq_id(
58165,
59826,
60846,
61129,
61179,
62256
);
script_xref(name:"RHSA", value:"2013:1209");
script_name(english:"JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of JBoss Enterprise Application Platform installed on the
remote system is affected by the following issues :
- Flaws in the mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp modules can allow an
attacker to perform cross-site scripting (XSS) attacks.
(CVE-2012-3499)
- Flaws in the web interface of the mod_proxy_balancer
module can allow a remote attacker to perform XSS
attacks. (CVE-2012-4558)
- A flaw in mod_rewrite can allow remote attackers to
execute arbitrary commands via an HTTP request
containing an escape sequence for a terminal emulator.
(CVE-2013-1862)
- A flaw in the method by which the mod_dav module
handles merge requests can allow an attacker to create
a denial of service by sending a crafted merge request
that contains URIs that are not configured for DAV.
(CVE-2013-1896)
- A flaw in PicketBox can allow local users to obtain the
admin encryption key by reading the Vault data file.
(CVE-2013-1921)
- A flaw in Apache Santuario XML Security can allow
context-dependent attackers to spoof an XML Signature
by using the CanonicalizationMethod parameter to
specify an arbitrary weak algorithm. (CVE-2013-2172)
- A flaw in JGroup's DiagnosticsHandler can allow remote
attackers to obtain sensitive information and execute
arbitrary code by re-using valid credentials.
(CVE-2013-4112)");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-3499.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4558.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1862.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1896.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1921.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2172.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4112.html");
script_set_attribute(attribute:"solution", value:
"Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to
6.1.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/18");
script_set_attribute(attribute:"patch_publication_date", value:"2013/09/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl", "jboss_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# We are only interested in Red Hat systems
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
info = "";
jboss = 0;
installs = get_kb_list_or_exit("Host/JBoss/EAP");
if(!isnull(installs)) jboss = 1;
foreach install (make_list(installs))
{
match = eregmatch(string:install, pattern:"([^:]+):(.*)");
if (!isnull(match))
{
ver = match[1];
path = match[2];
if (ver =~ "^6.1.0([^0-9]|$)")
{
info += '\n' + ' Path : ' + path+ '\n';
info += ' Version : ' + ver + '\n';
}
}
}
# Report what we found.
if (info)
{
set_kb_item(name: 'www/0/XSS', value: TRUE);
if (report_verbosity > 0)
{
if (max_index(split(info)) > 3) s = 's of the JBoss Enterprise Application Platform are';
else s = ' of the JBoss Enterprise Application Platform is';
report =
'\n' +
'The following instance'+s+' out of date and\nshould be upgraded to 6.1.1 or later :\n' +
info;
security_warning(port:0, extra:report);
}
else security_warning(port:0);
}
else if ( (!info) && (jboss) )
{
exit(0, "The JBoss Enterprise Application Platform version installed is not affected.");
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | jboss_enterprise_application_platform | 6.1.0 | cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4112
www.redhat.com/security/data/cve/CVE-2012-3499.html
www.redhat.com/security/data/cve/CVE-2012-4558.html
www.redhat.com/security/data/cve/CVE-2013-1862.html
www.redhat.com/security/data/cve/CVE-2013-1896.html
www.redhat.com/security/data/cve/CVE-2013-1921.html
www.redhat.com/security/data/cve/CVE-2013-2172.html
www.redhat.com/security/data/cve/CVE-2013-4112.html