(RHSA-2012:1026) Important: jbossas and jboss-naming security update
2012-06-20T04:00:00
ID RHSA-2012:1026 Type redhat Reporter RedHat Modified 2018-06-07T02:37:46
Description
JBoss Application Server is the base package for JBoss Enterprise
Application Platform, providing the core server components. The Java Naming
and Directory Interface (JNDI) Java API allows Java software clients to
locate objects or services in an application server. The Java Authorization
Contract for Containers (Java ACC) specification defines Permission classes
and the binding of container access decisions to operations on instances of
these permission classes. JaccAuthorizationRealm performs authorization
based on Java ACC permissions and a Policy implementation.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
When a JBoss server is configured to use JaccAuthorizationRealm, the
WebPermissionMapping class creates permissions that are not checked and can
permit access to users without checking their roles. If the
ignoreBaseDecision property is set to true on JBossWebRealm, the web
authorization process is handled exclusively by JBossAuthorizationEngine,
without any input from JBoss Web. This allows any valid user to access an
application, without needing to be assigned the role specified in the
application's web.xml "security-constraint" tag. (CVE-2012-1167)
Red Hat would like to thank Christian Schlüter (VIADA) for reporting
CVE-2011-4605.
Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's "server/[PROFILE]/deploy/" directory, along with all
other customized configuration files.
Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise
Linux 4, 5, and 6 should upgrade to these updated packages, which correct
these issues. The JBoss server process must be restarted for this update to
take effect.
{"id": "RHSA-2012:1026", "hash": "8d1102421579800d54dc8ec13435933c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1026) Important: jbossas and jboss-naming security update", "description": "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.\n", "published": "2012-06-20T04:00:00", "modified": "2018-06-07T02:37:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1026", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-4605", "CVE-2012-1167"], "lastseen": "2018-12-11T19:43:07", "history": [{"bulletin": {"id": "RHSA-2012:1026", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1026) Important: jbossas and jboss-naming security update", "description": "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.\n", "published": "2012-06-20T04:00:00", "modified": "2017-03-03T15:54:40", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1026", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-4605", "CVE-2012-1167"], "lastseen": "2017-05-17T09:23:32", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.2.ep5.el6.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jboss-naming", "OSVersion": "6", "packageVersion": "5.0.3-4.CP01_patch_01.2.ep5.el6", "operator": "lt"}, {"packageFilename": "jbossas-5.1.2-10.ep5.el5.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "jbossas", "OSVersion": "5", "packageVersion": "5.1.2-10.ep5.el5", "operator": "lt"}, {"packageFilename": "jbossas-5.1.2-10.ep5.el6.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas", "OSVersion": "6", "packageVersion": "5.1.2-10.ep5.el6", "operator": "lt"}, {"packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.2.ep5.el6.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "jboss-naming", "OSVersion": "6", "packageVersion": "5.0.3-4.CP01_patch_01.2.ep5.el6", "operator": "lt"}, {"packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.1.ep5.el5.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jboss-naming", "OSVersion": "5", "packageVersion": "5.0.3-4.CP01_patch_01.1.ep5.el5", "operator": "lt"}, {"packageFilename": "jbossas-client-5.1.2-10.ep5.el5.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas-client", "OSVersion": "5", "packageVersion": "5.1.2-10.ep5.el5", "operator": "lt"}, {"packageFilename": "jbossas-ws-native-5.1.2-10.ep5.el5.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas-ws-native", "OSVersion": "5", "packageVersion": "5.1.2-10.ep5.el5", "operator": "lt"}, {"packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.1.ep5.el5.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "jboss-naming", "OSVersion": "5", "packageVersion": "5.0.3-4.CP01_patch_01.1.ep5.el5", "operator": "lt"}, {"packageFilename": "jbossas-messaging-5.1.2-10.ep5.el6.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas-messaging", "OSVersion": "6", "packageVersion": "5.1.2-10.ep5.el6", "operator": "lt"}, {"packageFilename": "jbossas-5.1.2-10.ep5.el5.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas", "OSVersion": "5", "packageVersion": "5.1.2-10.ep5.el5", "operator": "lt"}, {"packageFilename": "jbossas-client-5.1.2-10.ep5.el6.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas-client", "OSVersion": "6", "packageVersion": "5.1.2-10.ep5.el6", "operator": "lt"}, {"packageFilename": "jbossas-ws-native-5.1.2-10.ep5.el6.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas-ws-native", "OSVersion": "6", "packageVersion": "5.1.2-10.ep5.el6", "operator": "lt"}, {"packageFilename": "jbossas-5.1.2-10.ep5.el6.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "jbossas", "OSVersion": "6", "packageVersion": "5.1.2-10.ep5.el6", "operator": "lt"}, {"packageFilename": "jbossas-messaging-5.1.2-10.ep5.el5.noarch.rpm", "OS": "RedHat", "arch": "noarch", "packageName": "jbossas-messaging", "OSVersion": "5", "packageVersion": "5.1.2-10.ep5.el5", "operator": "lt"}]}, "lastseen": "2017-05-17T09:23:32", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2012:1026", "hash": "2b7695ccaf9731fb0cec37a9f9a9d5da", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1026) Important: jbossas and jboss-naming security update", "description": "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.\n", "published": "2012-06-20T04:00:00", "modified": "2018-06-07T02:37:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1026", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-4605", "CVE-2012-1167"], "lastseen": "2018-06-06T23:50:46", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "jbossas-client", "packageVersion": "5.1.2-10.ep5.el5", "packageFilename": "jbossas-client-5.1.2-10.ep5.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "jbossas-messaging", "packageVersion": "5.1.2-10.ep5.el5", "packageFilename": "jbossas-messaging-5.1.2-10.ep5.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "jbossas-ws-native", "packageVersion": "5.1.2-10.ep5.el5", "packageFilename": "jbossas-ws-native-5.1.2-10.ep5.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "jboss-naming", "packageVersion": "5.0.3-4.CP01_patch_01.1.ep5.el5", "packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.1.ep5.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "jbossas", "packageVersion": "5.1.2-10.ep5.el5", "packageFilename": "jbossas-5.1.2-10.ep5.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "jboss-naming", "packageVersion": "5.0.3-4.CP01_patch_01.1.ep5.el5", "packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.1.ep5.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "jbossas", "packageVersion": "5.1.2-10.ep5.el5", "packageFilename": "jbossas-5.1.2-10.ep5.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "jboss-naming", "packageVersion": "5.0.3-4.CP01_patch_01.2.ep5.el6", "packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.2.ep5.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "jbossas", "packageVersion": "5.1.2-10.ep5.el6", "packageFilename": "jbossas-5.1.2-10.ep5.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "jbossas-client", "packageVersion": "5.1.2-10.ep5.el6", "packageFilename": "jbossas-client-5.1.2-10.ep5.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "jbossas-ws-native", "packageVersion": "5.1.2-10.ep5.el6", "packageFilename": "jbossas-ws-native-5.1.2-10.ep5.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "jbossas-messaging", "packageVersion": "5.1.2-10.ep5.el6", "packageFilename": "jbossas-messaging-5.1.2-10.ep5.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "jboss-naming", "packageVersion": "5.0.3-4.CP01_patch_01.2.ep5.el6", "packageFilename": "jboss-naming-5.0.3-4.CP01_patch_01.2.ep5.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "jbossas", "packageVersion": "5.1.2-10.ep5.el6", "packageFilename": "jbossas-5.1.2-10.ep5.el6.src.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T23:50:46", "differentElements": ["affectedPackage"], "edition": 2}], "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4605", "CVE-2012-1167"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2012-1026.NASL", "REDHAT-RHSA-2012-1025.NASL"]}, {"type": "redhat", "idList": ["RHSA-2012:1027", "RHSA-2012:1013", "RHSA-2012:1025", "RHSA-2012:1022", "RHSA-2012:1024"]}, {"type": "seebug", "idList": ["SSV:60307", "SSV:60227"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13207", "SECURITYVULNS:DOC:29650"]}], "modified": "2018-12-11T19:43:07"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "jbossas-client", "packageVersion": "5.1.2-10.ep5.el5", "packageFilename": "jbossas-client-5.1.2-10.ep5.el5.noarch.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}
{"cve": [{"lastseen": "2016-09-03T15:55:24", "bulletinFamily": "NVD", "description": "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.", "modified": "2013-04-01T23:13:22", "published": "2012-11-23T15:55:01", "id": "CVE-2011-4605", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4605", "type": "cve", "title": "CVE-2011-4605", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-29T12:17:34", "bulletinFamily": "NVD", "description": "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.", "modified": "2017-08-28T21:31:13", "published": "2012-11-23T15:55:02", "id": "CVE-2012-1167", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1167", "title": "CVE-2012-1167", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:18:18", "bulletinFamily": "scanner", "description": "Updated jbossas and jboss-naming packages that fix two security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nJBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface (JNDI) Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers (Java ACC) specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes.\nJaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service (port 1099), HA-JNDI service (port 1100), or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml 'security-constraint' tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schluter (VIADA) for reporting CVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise Application Platform's 'server/[PROFILE]/deploy/' directory, along with all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux 4, 5, and 6 should upgrade to these updated packages, which correct these issues. The JBoss server process must be restarted for this update to take effect.", "modified": "2018-12-27T00:00:00", "id": "REDHAT-RHSA-2012-1026.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64043", "published": "2013-01-24T00:00:00", "title": "RHEL 5 / 6 : jbossas and jboss-naming (RHSA-2012:1026)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1026. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64043);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/12/27 10:05:36\");\n\n script_cve_id(\"CVE-2011-4605\", \"CVE-2012-1167\");\n script_xref(name:\"RHSA\", value:\"2012:1026\");\n\n script_name(english:\"RHEL 5 / 6 : jbossas and jboss-naming (RHSA-2012:1026)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jbossas and jboss-naming packages that fix two security issues\nare now available for JBoss Enterprise Application Platform 5.1.2 for\nRed Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java\nNaming and Directory Interface (JNDI) Java API allows Java software\nclients to locate objects or services in an application server. The\nJava Authorization Contract for Containers (Java ACC) specification\ndefines Permission classes and the binding of container access\ndecisions to operations on instances of these permission classes.\nJaccAuthorizationRealm performs authorization based on Java ACC\npermissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated,\nremote write access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker\nable to access the JNDI service (port 1099), HA-JNDI service (port\n1100), or the HAJNDIFactory invoker servlet on a JBoss server could\nuse this flaw to add, delete, and modify items in the JNDI tree. This\ncould have various, application-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked\nand can permit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by\nJBossAuthorizationEngine, without any input from JBoss Web. This\nallows any valid user to access an application, without needing to be\nassigned the role specified in the application's web.xml\n'security-constraint' tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schluter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's 'server/[PROFILE]/deploy/' directory, along\nwith all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat\nEnterprise Linux 4, 5, and 6 should upgrade to these updated packages,\nwhich correct these issues. The JBoss server process must be restarted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4605\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1026\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-naming-5.0.3-4.CP01_patch_01.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-5.1.2-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-client-5.1.2-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-messaging-5.1.2-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-native-5.1.2-10.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-naming-5.0.3-4.CP01_patch_01.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-5.1.2-10.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-client-5.1.2-10.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-messaging-5.1.2-10.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-native-5.1.2-10.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jboss-naming / jbossas / jbossas-client / jbossas-messaging / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:18", "bulletinFamily": "scanner", "description": "Updated jbossas packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nJBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface (JNDI) Java API allows Java software clients to locate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service (port 1099), HA-JNDI service (port 1100), or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schluter (VIADA) for reporting this issue.\n\nWarning: Before applying this update, back up your JBoss Enterprise Application Platform's 'server/[PROFILE]/deploy/' directory, along with all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat Enterprise Linux 4 and 5 should upgrade to these updated packages, which correct this issue. The JBoss server process must be restarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2012-1025.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64042", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : jbossas (RHSA-2012:1025)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1025. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64042);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2011-4605\");\n script_xref(name:\"RHSA\", value:\"2012:1025\");\n\n script_name(english:\"RHEL 5 : jbossas (RHSA-2012:1025)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jbossas packages that fix one security issue are now available\nfor JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat\nEnterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nJBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java\nNaming and Directory Interface (JNDI) Java API allows Java software\nclients to locate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated,\nremote write access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker\nable to access the JNDI service (port 1099), HA-JNDI service (port\n1100), or the HAJNDIFactory invoker servlet on a JBoss server could\nuse this flaw to add, delete, and modify items in the JNDI tree. This\ncould have various, application-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schluter (VIADA) for reporting\nthis issue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's 'server/[PROFILE]/deploy/' directory, along\nwith all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat\nEnterprise Linux 4 and 5 should upgrade to these updated packages,\nwhich correct this issue. The JBoss server process must be restarted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4605\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossas and / or jbossas-client packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1025\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-4.3.0-10.GA_CP10_patch_01.1.ep1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-client-4.3.0-10.GA_CP10_patch_01.1.ep1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossas / jbossas-client\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:11", "bulletinFamily": "unix", "description": "JBoss Application Server is the base package for JBoss Enterprise Web\nPlatform, providing the core server components. The Java Naming and\nDirectory Interface (JNDI) Java API allows Java software clients to locate\nobjects or services in an application server. The Java Authorization\nContract for Containers (Java ACC) specification defines Permission classes\nand the binding of container access decisions to operations on instances of\nthese permission classes. JaccAuthorizationRealm performs authorization\nbased on Java ACC permissions and a Policy implementation.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting\nCVE-2011-4605.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"server/[PROFILE]/deploy/\" directory and any other customized\nconfiguration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. The JBoss server process must be restarted for this update to take\neffect.\n", "modified": "2018-06-07T02:39:14", "published": "2012-06-20T04:00:00", "id": "RHSA-2012:1027", "href": "https://access.redhat.com/errata/RHSA-2012:1027", "type": "redhat", "title": "(RHSA-2012:1027) Important: jbossas-web and jboss-naming security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:45:28", "bulletinFamily": "unix", "description": "The Java Authorization Contract for Containers (Java ACC) specification\ndefines Permission classes and the binding of container access decisions to\noperations on instances of these permission classes. JaccAuthorizationRealm\nperforms authorization based on Java ACC permissions and a Policy\nimplementation.\n\nWhen a JBoss server is configured to use JaccAuthorizationRealm, the\nWebPermissionMapping class creates permissions that are not checked and can\npermit access to users without checking their roles. If the\nignoreBaseDecision property is set to true on JBossWebRealm, the web\nauthorization process is handled exclusively by JBossAuthorizationEngine,\nwithout any input from JBoss Web. This allows any valid user to access an\napplication, without needing to be assigned the role specified in the\napplication's web.xml \"security-constraint\" tag. (CVE-2012-1167)\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", "modified": "2019-02-20T17:36:30", "published": "2012-06-19T23:22:46", "id": "RHSA-2012:1013", "href": "https://access.redhat.com/errata/RHSA-2012:1013", "type": "redhat", "title": "(RHSA-2012:1013) Moderate: jbossas security update", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:48:04", "bulletinFamily": "unix", "description": "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided\nfrom the Red Hat Customer Portal are advised to install this update.", "modified": "2019-02-20T17:34:19", "published": "2012-06-20T19:56:56", "id": "RHSA-2012:1024", "href": "https://access.redhat.com/errata/RHSA-2012:1024", "type": "redhat", "title": "(RHSA-2012:1024) Important: jbossas security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T13:45:32", "bulletinFamily": "unix", "description": "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", "modified": "2019-02-20T17:35:29", "published": "2012-06-20T19:55:44", "id": "RHSA-2012:1022", "href": "https://access.redhat.com/errata/RHSA-2012:1022", "type": "redhat", "title": "(RHSA-2012:1022) Important: jbossas security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:13", "bulletinFamily": "unix", "description": "JBoss Application Server is the base package for JBoss Enterprise\nApplication Platform, providing the core server components. The Java Naming\nand Directory Interface (JNDI) Java API allows Java software clients to\nlocate objects or services in an application server.\n\nIt was found that the JBoss JNDI service allowed unauthenticated, remote\nwrite access by default. The JNDI and HA-JNDI services, and the\nHAJNDIFactory invoker servlet were all affected. A remote attacker able to\naccess the JNDI service (port 1099), HA-JNDI service (port 1100), or the\nHAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,\ndelete, and modify items in the JNDI tree. This could have various,\napplication-specific impacts. (CVE-2011-4605)\n\nRed Hat would like to thank Christian Schl\u00fcter (VIADA) for reporting this\nissue.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 4.3.0 CP10 on Red Hat\nEnterprise Linux 4 and 5 should upgrade to these updated packages, which\ncorrect this issue. The JBoss server process must be restarted for this\nupdate to take effect.\n", "modified": "2016-04-04T18:31:09", "published": "2012-06-20T04:00:00", "id": "RHSA-2012:1025", "href": "https://access.redhat.com/errata/RHSA-2012:1025", "type": "redhat", "title": "(RHSA-2012:1025) Important: jbossas security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:49:38", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 54644\r\nCVE ID: CVE-2011-4605\r\n\r\nJBoss\u4f01\u4e1a\u5e94\u7528\u5e73\u53f0\uff08JBoss Enterprise Application Platform\uff0cEAP\uff09\u662fJ2EE\u5e94\u7528\u7684\u4e2d\u95f4\u4ef6\u5e73\u53f0\u3002\r\n\r\nJBoss Enterprise Portal Platform 4.3 CP07\u53ca\u5176\u4ed6\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u3002\n0\nRedHat JBoss Enterprise Portal Platform 4.3 CP07\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.redhat.com/apps/support/errata/index.html", "modified": "2012-08-03T00:00:00", "published": "2012-08-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60307", "id": "SSV:60307", "type": "seebug", "title": "JBoss Enterprise Application Platform\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:55:57", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2012-1167\r\n\r\nJBOSS\u662f\u4e00\u4e2a\u57fa\u4e8eJ2EE\u7684\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u5e94\u7528\u670d\u52a1\u5668\u3002\r\nRedhat\u4e3aJBoss Enterprise Application Platform\u548cJBoss Enterprise Web Platform\u53d1\u5e03\u4e86\u4e00\u4e2a\u66f4\u65b0\uff0c\u4fee\u590d\u4e86\u4e00\u4e2a\u80fd\u7ed5\u8fc7\u90e8\u5206\u5b89\u5168\u9650\u5236\u7684\u5b89\u5168\u95ee\u9898\u3002\r\n\u5f53\u521b\u5efa\u6743\u9650\u65f6WebPermissionMapping\u7c7b\u5b58\u5728\u4e00\u4e2a\u9519\u8bef\uff0c\u53ef\u88ab\u5229\u7528\u83b7\u5f97\u5bf9\u53d7\u9650\u5e94\u7528\u7684\u8bbf\u95ee\u3002\r\n\u8981\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u9700\u8981JBoss server\u914d\u7f6e\u4f7f\u7528JaccAuthorizationRealm\uff0c\u5e76\u4e14\u5728JBossWebRealm\u4e0aignoreBaseDecision\u8bbe\u7f6e\u4e3atrue\u3002\n0\nJBoss Enterprise Application Platform 5.x\r\nJBoss Enterprise Web Platform 5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nJBoss Group\r\n-----------\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n\r\nhttps://rhn.redhat.com/errata/RHSA-2012-1013.html\r\nhttps://rhn.redhat.com/errata/RHSA-2012-1014.html", "modified": "2012-06-23T00:00:00", "published": "2012-06-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60227", "id": "SSV:60227", "type": "seebug", "title": "JBoss Enterprise Application Platform/JBoss Enterprise Web Platform\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "description": "Unauthorized access, code execution, DoS.", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "SECURITYVULNS:VULN:13207", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13207", "title": "HP Network Node Manager multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03824583\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03824583\r\nVersion: 1\r\n\r\nHPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux,\r\nSolaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access,\r\nExecution of Arbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2013-07-24\r\nLast Updated: 2013-07-24\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\r\naccess or execution of arbitrary code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Network Node\r\nManager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities\r\ncould be remotely exploited resulting in a Denial of Service (DoS) or\r\nunauthorized access or execution of arbitrary code.\r\n\r\nReferences: CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428,\r\nCVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858,\r\nCVE-2012-3546, SSRT101110\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Network Node Manager I (NNMi) v9.0X and v9.1X for HP-UX, Linux, Solaris,\r\nand Windows.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2007-5333 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2009-3554 (AV:L/AC:L/Au:N/C:P/I:N/A:N) 2.1\r\nCVE-2010-0738 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2010-1428 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2010-1429 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2011-1483 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2011-2196 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\r\nCVE-2011-4605 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2011-4858 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2012-3546 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following hotfixes available to resolve the vulnerabilities\r\nfor NNMi v9.00 and v9.1X and NNMi SPIs of the same version.\r\n\r\nThese hotfixes also apply to the following products and can be applied to all\r\npatch levels:\r\n\r\nHP NNM iSPI for IP QA\r\nHP NNM iSPI for IP Telephony\r\nHP NNM SPI for IP Multicast\r\nHP NNM SPI for MPLS\r\n\r\nNNMi Version\r\n Operating System\r\n Hotfix\r\n\r\n9.00\r\n HP-UX, Linux, Solaris, and Windows.\r\n HF-NNMi-9.0xP5-JBoss-20130417\r\n\r\n9.10\r\n HP-UX, Linux, Solaris, and Windows.\r\n HF-NNMi-9.1xP5-JBoss-20130417\r\n\r\nFor issues about implementing the recommendations of this Security Bulletin,\r\ncontact normal HP Services support channel.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nnone\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 24 July 2013 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2013 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlHwTu0ACgkQ4B86/C0qfVm/8wCgvFdIjDTPgIP9zGYg90aMN5TH\r\n0sAAnRaUZEG4q4G+exiXDOJkiWq1/br1\r\n=lkyS\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "SECURITYVULNS:DOC:29650", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29650", "title": "[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
