Red Hat Security Advisory 2011-1798-01

Packet Storm ID: PACKETSTORM:107660
Published: 2011-12-08 00:00:00
Source: Red Hat, via packetstormsecurity.com

EPSS: 0.022 (Low), percentile 88.3%

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
=====================================================================  
Red Hat Security Advisory  
  
Synopsis: Low: JBoss Enterprise Application Platform 5.1.2 update  
Advisory ID: RHSA-2011:1798-01  
Product: JBoss Enterprise Application Platform  
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1798.html  
Issue date: 2011-12-08  
CVE Names: CVE-2011-4085 CVE-2011-4314   
=====================================================================  
  
1. Summary:  
  
Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two  
security issues, various bugs, and add several enhancements are now  
available for Red Hat Enterprise Linux 6.  
  
The Red Hat Security Response Team has rated this update as having low  
security impact. Common Vulnerability Scoring System (CVSS) base scores,  
which give detailed severity ratings, are available for each vulnerability  
from the CVE links in the References section.  
  
2. Relevant releases/architectures:  
  
JBoss Enterprise Application Platform 5 for RHEL 6 Server - i386, noarch, x86_64  
  
3. Description:  
  
JBoss Enterprise Application Platform is a platform for Java applications,  
which integrates the JBoss Application Server with JBoss Hibernate and  
JBoss Seam. OpenID4Java allows you to implement OpenID authentication in  
your Java applications. OpenID4Java is a Technology Preview.  
  
This JBoss Enterprise Application Platform 5.1.2 release for Red Hat  
Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application  
Platform 5.1.1.  
  
These updated packages include bug fixes and enhancements. Refer to  
the JBoss Enterprise Application Platform 5.1.2 Release Notes for  
information on the most significant of these changes. The Release Notes  
will be available shortly from  
https://docs.redhat.com/docs/en-US/index.html  
  
The following security issues are also fixed with this release:  
  
It was found that the invoker servlets, deployed by default via  
httpha-invoker, only performed access control on the HTTP GET and POST  
methods, allowing remote attackers to make unauthenticated requests by  
using different HTTP methods. Due to the second layer of authentication  
provided by a security interceptor, this issue is not exploitable on  
default installations unless an administrator has misconfigured the  
security interceptor or disabled it. (CVE-2011-4085)  
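The verb-tampering pattern described above arises from a Servlet security constraint that names only GET and POST: in a deployment descriptor, a `<web-resource-collection>` that enumerates `<http-method>` elements constrains only those methods, while one that lists no method constrains all of them. The following audit script is an added example, not part of this advisory and not the httpha-invoker descriptor or any JBoss code: it parses a constructed web.xml, reports constraints that enumerate methods, and evaluates which methods a request path would reach without container authentication, for the weak descriptor and for the corrected one with the `<http-method>` elements removed. The descriptor contents, the `invoker` role name and the `/app/Invoker` path are assumptions.

```python
"""Added example: audit web.xml security constraints that cover only listed HTTP methods.

A <web-resource-collection> with <http-method> children constrains only those
methods; every other method reaches the resource without container authentication.
Omitting <http-method> constrains all methods.  Descriptors below are constructed.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed weak descriptor: only GET and POST are protected.
WEAK_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Invoker</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>invoker</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Corrected form: the same constraint with the <http-method> elements removed,
# which makes it apply to every method.
FIXED_WEB_XML = WEAK_WEB_XML.replace(
    "      <http-method>GET</http-method>\n      <http-method>POST</http-method>\n", "")


@dataclass
class Constraint:
    name: str
    patterns: list
    methods: set  # empty set: the constraint applies to all methods


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix


def parse_constraints(web_xml):
    """Collect each web-resource-collection of a constraint that has an auth-constraint."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        if not any(_local(c.tag) == "auth-constraint" for c in sc):
            continue  # no auth-constraint: nothing is required of the caller
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            name, patterns, methods = "", [], set()
            for child in wrc:
                text = (child.text or "").strip()
                kind = _local(child.tag)
                if kind == "web-resource-name":
                    name = text
                elif kind == "url-pattern":
                    patterns.append(text)
                elif kind == "http-method":
                    methods.add(text.upper())
            found.append(Constraint(name, patterns, methods))
    return found


def _matches(pattern, path):
    """Servlet url-pattern matching: exact, path prefix '/x/*', extension '*.ext'."""
    if pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def is_protected(constraints, method, path):
    """True if the container would demand authentication for this method and path."""
    method = method.upper()
    return any((not c.methods or method in c.methods)
               and any(_matches(p, path) for p in c.patterns)
               for c in constraints)


def method_limited(constraints):
    """Constraints that enumerate methods, leaving all other methods unconstrained."""
    return [c for c in constraints if c.methods]


def unprotected_methods(constraints, path,
                        candidates=("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE")):
    """Methods from `candidates` that reach `path` without container authentication."""
    return [m for m in candidates if not is_protected(constraints, m, path)]


if __name__ == "__main__":
    for label, text in (("weak", WEAK_WEB_XML), ("fixed", FIXED_WEB_XML)):
        cs = parse_constraints(text)
        print(f"{label}: method-limited constraints: {[c.name for c in method_limited(cs)]}")
        print(f"{label}: unprotected methods on /app/Invoker: "
              f"{unprotected_methods(cs, '/app/Invoker')}")
```

JBoss Web in this release implements Servlet 2.5 (the package list carries `jbossweb-servlet-2.5-api`), which has no `<http-method-omission>`; the safe form there is a constraint that lists no method at all. Running `method_limited` over every deployed web.xml is a quick way to find this pattern before relying on a second authentication layer such as the security interceptor mentioned above.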
  
It was found that the Attribute Exchange (AX) extension of OpenID4Java was  
not checking to ensure attributes were signed. If AX was being used to  
receive information that an application only trusts the identity provider  
to assert, a remote attacker could use this flaw to conduct  
man-in-the-middle attacks and compromise the integrity of the information  
via a specially-crafted request. By default, only the JBoss Seam openid  
example application uses OpenID4Java. (CVE-2011-4314)  
  
Warning: Before applying this update, back up the  
"jboss-as/server/[PROFILE]/deploy/" directory and any other customized  
configuration files of your JBoss Enterprise Application Platform.  
  
All users of JBoss Enterprise Application Platform 5.1.1 on Red Hat  
Enterprise Linux 6 are advised to upgrade to these updated packages. The  
JBoss server process must be restarted for the update to take effect.  
  
4. Solution:  
  
Before applying this update, make sure all previously-released errata  
relevant to your system have been applied.  
  
This update is available via the Red Hat Network. Details on how to  
use the Red Hat Network to apply this update are available at  
https://access.redhat.com/kb/docs/DOC-11259  
  
5. Bugs fixed (http://bugzilla.redhat.com/):  
  
733727 - Tracker bug for the EAP 5.1.2 release for RHEL-6.  
750422 - CVE-2011-4085 Invoker servlets authentication bypass (HTTP verb tampering)  
754386 - CVE-2011-4314 openid4java (AX extension): MITM due to improper validation of AX attribute signatures  
  
6. Package List:  
  
JBoss Enterprise Application Platform 5 for RHEL 6 Server:  
  
Source:  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-2.2.12-4.patch_02.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/cglib-2.2-5.5.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/facelets-1.1.15-3.B1_patch_01.2.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jaxb-2.1.12-10_patch_02.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jsf-1.2_13-5_patch_01.3.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jacorb-jboss-2.3.1-10.patch_03.4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jakarta-commons-logging-jboss-1.1-10.3_patch_02.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-aop2-2.1.6-2.CP03.1.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-cache-core-3.2.8-1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-cl-2.0.10-1.2.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-cluster-ha-client-1.1.4-1.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-common-core-2.2.18-1.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-eap5-native-5.1.2-1.4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb3-core-1.3.8-0.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb3-proxy-clustered-1.0.3-2.SP1.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb3-proxy-impl-1.0.6-2.SP2.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-el-1.0_02-0.CR6.2.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-messaging-1.4.8-9.SP5.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-naming-5.0.3-3.CP01.3.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-remoting-2.5.4-9.SP3.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-seam2-2.2.5.EAP5-7.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-security-spi-2.0.4-6.SP8.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-5.1.2-8.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-tp-licenses-5.1.2-7.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-ws-cxf-5.1.2-8.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbosssx2-2.0.4-6.SP8.2.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossts-4.6.1-11.CP12.4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossweb-2.1.12-1.4_patch_01.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-3.1.2-7.SP11.4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-common-1.1.0-6.SP8_patch_01.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-framework-3.1.2-6.SP10.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-spi-1.1.2-5.SP7.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jgroups-2.6.20-1.1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jopr-embedded-1.3.4-18.SP5.8.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jopr-hibernate-plugin-3.0.0-13.EmbJopr4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jopr-jboss-as-5-plugin-3.0.0-12.EmbJopr4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jopr-jboss-cache-v3-plugin-3.0.0-14.EmbJopr4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/mod_cluster-1.0.10-3.2.GA_CP02.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/mod_cluster-native-1.0.10-3.1.1.GA_CP02.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/org-mc4j-ems-1.2.15.1-7.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketlink-federation-2.0.2-1.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/resteasy-1.2.1-9.CP02.5.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/rh-eap-docs-5.1.2-6.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/rhq-3.0.0-20.EmbJopr4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/rhq-jmx-plugin-3.0.0-20.EmbJopr4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/rhq-platform-plugin-3.0.0-13.EmbJopr4.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/slf4j-1.5.8-10_patch_01.2.ep5.el6.src.rpm  
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xalan-j2-2.7.1-6_patch_05.1.ep5.el6.src.rpm  
  
i386:  
jboss-eap5-native-5.1.2-1.4.ep5.el6.i386.rpm  
mod_cluster-native-1.0.10-3.1.1.GA_CP02.ep5.el6.i386.rpm  
mod_cluster-native-debuginfo-1.0.10-3.1.1.GA_CP02.ep5.el6.i386.rpm  
  
noarch:  
apache-cxf-2.2.12-4.patch_02.1.ep5.el6.noarch.rpm  
cglib-2.2-5.5.ep5.el6.noarch.rpm  
facelets-1.1.15-3.B1_patch_01.2.ep5.el6.noarch.rpm  
glassfish-jaxb-2.1.12-10_patch_02.ep5.el6.noarch.rpm  
glassfish-jsf-1.2_13-5_patch_01.3.ep5.el6.noarch.rpm  
jacorb-jboss-2.3.1-10.patch_03.4.ep5.el6.noarch.rpm  
jakarta-commons-logging-jboss-1.1-10.3_patch_02.1.ep5.el6.noarch.rpm  
jboss-aop2-2.1.6-2.CP03.1.1.ep5.el6.noarch.rpm  
jboss-cache-core-3.2.8-1.ep5.el6.noarch.rpm  
jboss-cl-2.0.10-1.2.ep5.el6.noarch.rpm  
jboss-cluster-ha-client-1.1.4-1.1.ep5.el6.noarch.rpm  
jboss-common-core-2.2.18-1.1.ep5.el6.noarch.rpm  
jboss-ejb3-core-1.3.8-0.1.ep5.el6.noarch.rpm  
jboss-ejb3-proxy-clustered-1.0.3-2.SP1.1.ep5.el6.noarch.rpm  
jboss-ejb3-proxy-impl-1.0.6-2.SP2.1.ep5.el6.noarch.rpm  
jboss-el-1.0_02-0.CR6.2.ep5.el6.noarch.rpm  
jboss-messaging-1.4.8-9.SP5.1.ep5.el6.noarch.rpm  
jboss-naming-5.0.3-3.CP01.3.ep5.el6.noarch.rpm  
jboss-remoting-2.5.4-9.SP3.1.ep5.el6.noarch.rpm  
jboss-seam2-2.2.5.EAP5-7.ep5.el6.noarch.rpm  
jboss-seam2-docs-2.2.5.EAP5-7.ep5.el6.noarch.rpm  
jboss-seam2-examples-2.2.5.EAP5-7.ep5.el6.noarch.rpm  
jboss-seam2-runtime-2.2.5.EAP5-7.ep5.el6.noarch.rpm  
jboss-security-spi-2.0.4-6.SP8.1.ep5.el6.noarch.rpm  
jbossas-5.1.2-8.ep5.el6.noarch.rpm  
jbossas-client-5.1.2-8.ep5.el6.noarch.rpm  
jbossas-messaging-5.1.2-8.ep5.el6.noarch.rpm  
jbossas-tp-licenses-5.1.2-7.ep5.el6.noarch.rpm  
jbossas-ws-cxf-5.1.2-8.ep5.el6.noarch.rpm  
jbossas-ws-native-5.1.2-8.ep5.el6.noarch.rpm  
jbosssx2-2.0.4-6.SP8.2.ep5.el6.noarch.rpm  
jbossts-4.6.1-11.CP12.4.ep5.el6.noarch.rpm  
jbossts-javadoc-4.6.1-11.CP12.4.ep5.el6.noarch.rpm  
jbossweb-2.1.12-1.4_patch_01.ep5.el6.noarch.rpm  
jbossweb-el-1.0-api-2.1.12-1.4_patch_01.ep5.el6.noarch.rpm  
jbossweb-jsp-2.1-api-2.1.12-1.4_patch_01.ep5.el6.noarch.rpm  
jbossweb-lib-2.1.12-1.4_patch_01.ep5.el6.noarch.rpm  
jbossweb-servlet-2.5-api-2.1.12-1.4_patch_01.ep5.el6.noarch.rpm  
jbossws-3.1.2-7.SP11.4.ep5.el6.noarch.rpm  
jbossws-common-1.1.0-6.SP8_patch_01.1.ep5.el6.noarch.rpm  
jbossws-framework-3.1.2-6.SP10.1.ep5.el6.noarch.rpm  
jbossws-spi-1.1.2-5.SP7.1.ep5.el6.noarch.rpm  
jgroups-2.6.20-1.1.ep5.el6.noarch.rpm  
jopr-embedded-1.3.4-18.SP5.8.ep5.el6.noarch.rpm  
jopr-hibernate-plugin-3.0.0-13.EmbJopr4.ep5.el6.noarch.rpm  
jopr-jboss-as-5-plugin-3.0.0-12.EmbJopr4.ep5.el6.noarch.rpm  
jopr-jboss-cache-v3-plugin-3.0.0-14.EmbJopr4.ep5.el6.noarch.rpm  
mod_cluster-demo-1.0.10-3.2.GA_CP02.ep5.el6.noarch.rpm  
mod_cluster-jbossas-1.0.10-3.2.GA_CP02.ep5.el6.noarch.rpm  
mod_cluster-jbossweb2-1.0.10-3.2.GA_CP02.ep5.el6.noarch.rpm  
mod_cluster-tomcat6-1.0.10-3.2.GA_CP02.ep5.el6.noarch.rpm  
org-mc4j-ems-1.2.15.1-7.ep5.el6.noarch.rpm  
picketlink-federation-2.0.2-1.ep5.el6.noarch.rpm  
picketlink-federation-webapp-idp-2.0.2-1.ep5.el6.noarch.rpm  
picketlink-federation-webapp-pdp-2.0.2-1.ep5.el6.noarch.rpm  
picketlink-federation-webapp-sts-2.0.2-1.ep5.el6.noarch.rpm  
resteasy-1.2.1-9.CP02.5.ep5.el6.noarch.rpm  
resteasy-examples-1.2.1-9.CP02.5.ep5.el6.noarch.rpm  
resteasy-javadoc-1.2.1-9.CP02.5.ep5.el6.noarch.rpm  
resteasy-manual-1.2.1-9.CP02.5.ep5.el6.noarch.rpm  
rh-eap-docs-5.1.2-6.ep5.el6.noarch.rpm  
rh-eap-docs-examples-5.1.2-6.ep5.el6.noarch.rpm  
rhq-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-ant-bundle-common-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-common-parent-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-client-api-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-comm-api-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-dbutils-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-domain-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-gui-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-native-system-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-parent-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-plugin-api-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-plugin-container-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-plugindoc-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-core-util-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-filetemplate-bundle-common-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-helpers-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-jboss-as-common-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-jmx-plugin-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-modules-parent-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-parent-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-platform-plugin-3.0.0-13.EmbJopr4.ep5.el6.noarch.rpm  
rhq-plugin-validator-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-pluginAnnotations-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-pluginGen-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-plugins-parent-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
rhq-rtfilter-3.0.0-20.EmbJopr4.ep5.el6.noarch.rpm  
slf4j-1.5.8-10_patch_01.2.ep5.el6.noarch.rpm  
xalan-j2-2.7.1-6_patch_05.1.ep5.el6.noarch.rpm  
  
x86_64:  
jboss-eap5-native-5.1.2-1.4.ep5.el6.x86_64.rpm  
mod_cluster-native-1.0.10-3.1.1.GA_CP02.ep5.el6.x86_64.rpm  
mod_cluster-native-debuginfo-1.0.10-3.1.1.GA_CP02.ep5.el6.x86_64.rpm  
  
These packages are GPG signed by Red Hat for security. Our key and   
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/#package  
  
7. References:  
  
https://www.redhat.com/security/data/cve/CVE-2011-4085.html  
https://www.redhat.com/security/data/cve/CVE-2011-4314.html  
https://access.redhat.com/security/updates/classification/#low  
https://docs.redhat.com/docs/en-US/index.html  
https://access.redhat.com/support/offerings/techpreview/  
  
8. Contact:  
  
The Red Hat security contact is <[email protected]>. More contact  
details at https://access.redhat.com/security/team/contact/  
  
Copyright 2011 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.4 (GNU/Linux)  
  
iD8DBQFO4SquXlSAg2UNWIIRAkE5AJ0eUn3uOW+Tf4jKb2tZD2Y3OTZV8QCggbiy  
QJzFUNQ+cJtlR83IVSMveMI=  
=ChRk  
-----END PGP SIGNATURE-----  
  
  
--  
RHSA-announce mailing list  
[email protected]  
https://www.redhat.com/mailman/listinfo/rhsa-announce  