(RHSA-2008:0158) Moderate: JBoss Enterprise Application Platform security update

Published: 2008-03-24 00:00:00
Source: access.redhat.com

CVSS2: 9.3 High
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.024 Low (percentile 88.8%)

JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition
(J2EE) applications.

This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss
Application Server and JBoss Seam. It replaces JBEAP 4.2.0.GA.

The updated packages address the following security vulnerabilities:

  • the JFreeChart component was vulnerable to multiple cross-site scripting
    (XSS) vulnerabilities. An attacker could misuse the image map feature to
    inject arbitrary web script or HTML via several attributes of the chart
    area. (CVE-2007-6306)

  • the HSQLDB component exposed static Java methods to SQL callers. An
    attacker able to issue SQL statements to HSQLDB could use this to invoke
    arbitrary static Java methods. (CVE-2007-4575)

  • the setOrder method in the org.jboss.seam.framework.Query class did not
    properly validate user-supplied parameters. This vulnerability allowed
    remote attackers to inject and execute arbitrary EJBQL commands via the
    order parameter. (CVE-2007-6433)
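The third item is the classic query-injection pattern: a client-controlled
string is spliced verbatim into the ORDER BY part of an EJBQL statement.
The following is an added illustration, not Seam's own
org.jboss.seam.framework.Query nor the fix Red Hat shipped; the class,
entity names, column allowlist and the hostile input are all constructed
for the example. It shows the unsafe concatenation beside an allowlist check
that accepts only "<known column> [asc|desc]" and rejects anything else.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Hypothetical stand-in for a Seam-style query component (illustration only,
 * not org.jboss.seam.framework.Query). Builds "select ... order by <order>"
 * from a caller-supplied order fragment.
 */
public class OrderClauseDemo {

    // Constructed allowlist: the only fields a client may legitimately sort on.
    private static final List<String> SORTABLE_COLUMNS =
            Arrays.asList("name", "price", "createdDate");

    // A safe ORDER BY fragment is one identifier, optionally followed by asc/desc.
    // \w+ excludes commas, parentheses, quotes and whitespace, so no second
    // expression, subquery or string literal can ride along.
    private static final Pattern ORDER_PATTERN =
            Pattern.compile("^(\\w+)(?:\\s+(asc|desc))?$", Pattern.CASE_INSENSITIVE);

    private final String ejbql;

    public OrderClauseDemo(String ejbql) {
        this.ejbql = ejbql;
    }

    /** Vulnerable pattern: the order parameter is never inspected. */
    public String buildUnsafe(String order) {
        return ejbql + " order by " + order;
    }

    /** Hardened: validate shape with the regex, then the column against the allowlist. */
    public String buildSafe(String order) {
        Matcher m = ORDER_PATTERN.matcher(order.trim());
        if (!m.matches() || !SORTABLE_COLUMNS.contains(m.group(1))) {
            throw new IllegalArgumentException("rejected order clause: " + order);
        }
        // Re-emit from the matched pieces rather than echoing the raw input.
        String direction = (m.group(2) == null) ? "asc" : m.group(2).toLowerCase();
        return ejbql + " order by " + m.group(1) + " " + direction;
    }

    public static void main(String[] args) {
        OrderClauseDemo q = new OrderClauseDemo("select p from Product p");

        // Constructed inputs: what a sort link sends, and a crafted 'order' parameter
        // carrying extra EJBQL. Whether a given provider accepts this exact construct
        // varies; the point is that the unsafe path passes it through untouched.
        String benign  = "price desc";
        String hostile = "price, (select count(u) from User u where u.password like 'a%')";

        System.out.println(q.buildUnsafe(benign));
        System.out.println(q.buildUnsafe(hostile));   // injected fragment reaches the provider

        System.out.println(q.buildSafe(benign));      // select p from Product p order by price desc
        try {
            q.buildSafe(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());       // rejected order clause: price, (select ...
        }
    }
}
```

The allowlist comparison is case-sensitive on purpose: a column name that
does not match a known field exactly is treated as untrusted rather than
normalised, so the hardened path never forwards anything it did not itself
construct.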

All users are advised to upgrade to this release of JBEAP, which addresses
these vulnerabilities.
