9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
88.8%
JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition
(J2EE) applications.
This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss
Application Server and JBoss Seam. This release serves as a replacement to
JBEAP 4.2.0.GA.
The updated packages address the following security vulnerabilities:
the JFreeChart component was vulnerable to multiple cross-site scripting
(XSS) vulnerabilities. An attacker could misuse the image map feature to
inject arbitrary web script or HTML via several attributes of the chart
area. (CVE-2007-6306)
a vulnerability caused by exposing static java methods was located within
the HSQLDB component. This could be utilized by an attacker to execute
arbitrary static java methods. (CVE-2007-4575)
the setOrder method in the org.jboss.seam.framework.Query class did not
properly validate user-supplied parameters. This vulnerability allowed
remote attackers to inject and execute arbitrary EJBQL commands via the
order parameter. (CVE-2007-6433)
All users are advised to upgrade to this release of JBEAP, which addresses
these vulnerabilities.