Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.REDHAT-RHSA-2013-1437.NASL
HistoryJan 31, 2014 - 12:00 a.m.

JBoss Portal 6.1.0 Update (RHSA-2013:1437)

2014-01-3100:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
18
JSON

The version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues:

  • A flaw in CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. (CVE-2012-4431)

  • A flaw that occurs when the COOKIE session tracking method is used can allow attackers to hijack users’ sessions. (CVE-2012-4529)

  • A flaw that occurs when multiple applications use the same custom authorization module class name can allow a local attacker to deploy a malicious application that overrides the custom authorization modules provided by other applications. (CVE-2012-4572)

  • The framework does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting. This can allow remote attackers to force the system to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications.
    (CVE-2012-5575)

  • A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file.
    (CVE-2013-1921)

  • A session fixation flaw was found in the FormAuthenticator module. (CVE-2013-2067)

  • A flaw that occurs when a JGroups channel was started results in the JGroups diagnostics service being enabled by default with no authentication via IP multicast. A remote attacker can make use of this flaw to read diagnostics information. (CVE-2013-2102)

  • A flaw in the StAX parser implementation can allow remote attackers to cause a denial of service via crafted XML. (CVE-2013-2160)

  • A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172)

  • A flaw in JGroup’s DiagnosticsHandler can allow remote attackers to obtain sensitive information and execute arbitrary code by re-using valid credentials.
    (CVE-2013-4112)

  • A flaw in the manner in which authenticated connections were cached on the server by remote-naming can allow remote attackers to hijack sessions by using a remoting client. (CVE-2013-4128)

  • A flaw in the manner in which connections for EJB invocations were cached on the server can allow remote attackers to hijack sessions by using an EJB client.
    (CVE-2013-4213)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72237);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2012-4431",
    "CVE-2012-4529",
    "CVE-2012-4572",
    "CVE-2012-5575",
    "CVE-2013-1921",
    "CVE-2013-2067",
    "CVE-2013-2102",
    "CVE-2013-2160",
    "CVE-2013-2172",
    "CVE-2013-4112",
    "CVE-2013-4128",
    "CVE-2013-4213"
  );
  script_bugtraq_id(
    56814,
    59799,
    60040,
    60043,
    60045,
    60846,
    61030,
    61179,
    61739,
    61742,
    62256,
    63196
  );
  script_xref(name:"RHSA", value:"2013:1437");

  script_name(english:"JBoss Portal 6.1.0 Update (RHSA-2013:1437)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of JBoss Enterprise Portal Platform on the remote system is
affected by the following issues:

  - A flaw in CSRF prevention filter in JBoss Web could allow
    remote attackers to bypass the cross-site request forgery
    (CSRF) protection mechanism via a request that lacks a
    session identifier. (CVE-2012-4431)

  - A flaw that occurs when the COOKIE session tracking
    method is used can allow attackers to hijack users'
    sessions. (CVE-2012-4529)

  - A flaw that occurs when multiple applications use the
    same custom authorization module class name can allow a
    local attacker to deploy a malicious application that
    overrides the custom authorization modules provided by
    other applications. (CVE-2012-4572)

  - The framework does not verify that a specified
    cryptographic algorithm is allowed by the
    WS-SecurityPolicy AlgorithmSuite definition before
    decrypting.  This can allow remote attackers to force
    the system to use weaker cryptographic algorithms than
    intended and makes it easier to decrypt communications.
    (CVE-2012-5575)

  - A flaw in PicketBox can allow local users to obtain the
    admin encryption key by reading the Vault data file.
    (CVE-2013-1921)

  - A session fixation flaw was found in the
    FormAuthenticator module. (CVE-2013-2067)

  - A flaw that occurs when a JGroups channel was started
    results in the JGroups diagnostics service being enabled
    by default with no authentication via IP multicast. A
    remote attacker can make use of this flaw to read
    diagnostics information. (CVE-2013-2102)

  - A flaw in the StAX parser implementation can allow
    remote attackers to cause a denial of service via
    crafted XML. (CVE-2013-2160)

  - A flaw in Apache Santuario XML Security can allow
    context-dependent attackers to spoof an XML Signature
    by using the CanonicalizationMethod parameter to
    specify an arbitrary weak algorithm. (CVE-2013-2172)

  - A flaw in JGroup's DiagnosticsHandler can allow remote
    attackers to obtain sensitive information and execute
    arbitrary code by re-using valid credentials.
    (CVE-2013-4112)

  - A flaw in the manner in which authenticated connections
    were cached on the server by remote-naming can allow
    remote attackers to hijack sessions by using a remoting
    client. (CVE-2013-4128)

  - A flaw in the manner in which connections for EJB
    invocations were cached on the server can allow remote
    attackers to hijack sessions by using an EJB client.
    (CVE-2013-4213)");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=868202");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=872059");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=880443");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=883636");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=929197");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=948106");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=961779");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=963984");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=983489");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=984795");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=985359");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=999263");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4431.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4529.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4572.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-5575.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1921.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2067.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2102.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2160.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2172.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4112.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4128.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4213.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade the installed JBoss Portal 6.0.0 to 6.1.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.0");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl", "jboss_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# We are only interested in Red Hat systems
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

info = "";
jboss = 0;
installs = get_kb_list_or_exit("Host/JBoss/Portal Platform");
if(!isnull(installs)) jboss = 1;

foreach install (make_list(installs))
{
  match = eregmatch(string:install, pattern:"([^:]+):(.*)");

  if (!isnull(match))
  {
    ver = match[1];
    path = match[2];

    if (ver =~ "^6.0.0([^0-9]|$)")
    {
      info += '\n' + '  Path    : ' + path+ '\n';
      info += '  Version : ' + ver + '\n';
    }
  }
}

# Report what we found.
if (info)
{
  set_kb_item(name:"www/0/XSRF", value:TRUE);
  if (report_verbosity > 0)
  {
    if (max_index(split(info)) > 3) s = 's of JBoss Enterprise Portal Platform are';
    else s = ' of JBoss Enterprise Portal Platform is';

    report =
      '\n' +
      'The following instance'+s+' out of date and\nshould be upgraded to 6.1.0 or later :\n' +
      info;

    security_hole(port:0, extra:report);
  }
  else security_hole(port:0);
}
else if ( (!info) && (jboss) )
{
  exit(0, "The JBoss Enterprise Portal Platform version installed is not affected.");
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
redhatjboss_enterprise_portal_platform6.1.0cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.0

References

Related

redhat 23
nessus 35
veracode 8
github 6
ubuntucve 8
osv 8
prion 12
cve 12
debiancve 4
seebug 7
openvas 33
tomcat 3
securityvulns 8
freebsd 1
oraclelinux 1
fedora 6
debian 4
mageia 2
centos 1
threatpost 1
ibm 2
packetstorm 1
exploitpack 1
ubuntu 3
exploitdb 1
f5 1
atlassian 5
thn 2
redhat
redhat
(RHSA-2013:0839) Important: JBoss Enterprise Application Platform 6.1.0 update
2013-05-20 00:00:00
(RHSA-2013:0834) Important: JBoss Enterprise Application Platform 6.1.0 update
2013-05-20 00:00:00
(RHSA-2013:1152) Important: Red Hat JBoss Enterprise Application Platform 6.1.0 security update
2013-08-12 18:27:35
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2013:0834)
2013-05-21 00:00:00
RHEL 5 : JBoss EAP (RHSA-2013:0839)
2013-05-21 00:00:00
JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)
2013-06-24 00:00:00
veracode
veracode
Authentication Bypass
2019-05-02 04:45:00
Weak Authentication
2019-05-02 04:48:27
XML Encryption Backwards Compatibility Attack
2019-01-15 08:54:06
github
github
Inadequate Encryption Strength in Apache CXF
2022-05-13 01:09:21
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
2022-05-17 04:50:16
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
ubuntucve
ubuntucve
CVE-2012-4529
2013-10-28 00:00:00
CVE-2013-4112
2013-09-28 00:00:00
CVE-2012-4431
2012-12-19 00:00:00
osv
osv
Inadequate Encryption Strength in Apache CXF
2022-05-13 01:09:21
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
2022-05-17 04:50:16
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
prion
prion
Code injection
2013-08-19 23:55:00
Default configuration
2013-10-28 21:55:00
Design/Logic Flaw
2013-10-28 21:55:00
cve
cve
CVE-2012-5575
2013-08-19 23:55:00
CVE-2012-4529
2013-10-28 21:55:00
CVE-2013-2067
2013-06-01 14:21:00
debiancve
debiancve
CVE-2013-4112
2013-09-28 19:55:00
CVE-2012-4431
2012-12-19 11:55:00
CVE-2013-2067
2013-06-01 14:21:00
seebug
seebug
JBoss Enterprise Application Platform远程EJB调用连接缓存处理验证绕过漏洞
2013-08-27 00:00:00
Apache Tomcat表单验证功能安全绕过漏洞
2013-06-06 00:00:00
Apache Tomcat 跨站请求伪造漏洞
2012-12-07 00:00:00
openvas
openvas
RedHat Update for tomcat6 RHSA-2013:0964-01
2013-06-24 00:00:00
CentOS Update for tomcat6 CESA-2013:0964 centos6
2013-06-24 00:00:00
RedHat Update for tomcat6 RHSA-2013:0964-01
2013-06-24 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.33
2012-11-21 00:00:00
Fixed in Apache Tomcat 7.0.32
2012-10-09 00:00:00
Fixed in Apache Tomcat 6.0.37
2013-05-03 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
2013-05-10 00:00:00
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
2012-12-07 00:00:00
SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF
2013-07-15 00:00:00
freebsd
freebsd
tomcat -- bypass of CSRF prevention filter
2012-12-04 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2013-06-20 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: cxf-2.6.9-1.fc18
2013-08-10 20:01:35
[SECURITY] Fedora 19 Update: cxf-2.6.9-1.fc19
2013-08-10 20:05:12
[SECURITY] Fedora 19 Update: wss4j-1.6.10-1.fc19
2013-08-10 20:05:12
debian
debian
[SECURITY] [DSA 3065-1] libxml-security-java security update
2014-11-06 08:45:42
[SECURITY] [DSA 3065-1] libxml-security-java security update
2014-11-06 08:45:42
[SECURITY] [DLA 85-1] libxml-security-java security update
2014-11-09 16:34:59
mageia
mageia
Updated cxf, wss4j, and jacorb packages fix security vulnerability
2014-01-06 04:49:54
Updated xml-security package fixes security vulnerability
2014-01-06 04:52:37
centos
centos
tomcat6 security update
2013-06-20 17:46:38
threatpost
threatpost
Apache CXF Denial of Service Vulnerabilities Patched
2013-07-09 13:55:48
ibm
ibm
Security Bulletin: A Vulnerability in Apache Santuario affects IBM Cúram (CVE-2013-2172)
2018-11-07 15:35:01
Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Apache Santuario XML Security for Java (CVE-2013-4517, CVE-2013-2172)
2022-10-14 21:43:17
packetstorm
packetstorm
Apache CXF 2.5.10 / 2.6.7 / 2.7.4 Denial Of Service
2013-07-09 00:00:00
exploitpack
exploitpack
Apache CXF 2.5.102.6.72.7.4 - Denial of Service
2013-07-09 00:00:00
ubuntu
ubuntu
Apache XML Security for Java vulnerability
2013-11-12 00:00:00
Tomcat vulnerabilities
2013-01-14 00:00:00
Tomcat vulnerabilities
2013-05-28 00:00:00
exploitdb
exploitdb
Apache CXF &lt; 2.5.10/2.6.7/2.7.4 - Denial of Service
2013-07-09 00:00:00
f5
f5
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
thn
thn
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 17:45:00
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 06:45:00
JSON
Related for REDHAT-RHSA-2013-1437.NASL
redhat23nessus35veracode8github6ubuntucve8osv8prion12cve12debiancve4seebug7openvas33tomcat3securityvulns8freebsd1oraclelinux1fedora6debian4mageia2centos1threatpost1ibm2packetstorm1exploitpack1ubuntu3exploitdb1f51atlassian5thn2