(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update

JBoss Operations Network (JBoss ON) is a middleware management solution
that provides a single point of control to deploy, manage, and monitor
JBoss Enterprise Middleware, applications, and services.

This JBoss ON 3.1.1 release serves as a replacement for JBoss ON 3.1.0, and
includes several bug fixes and enhancements. Refer to the JBoss ON 3.1.1
Release Notes for information on the most significant of these changes. The
Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/

The following security issue is also fixed with this release:

It was found that JBoss Web did not handle large numbers of parameters and
large parameter values efficiently. A remote attacker could make JBoss Web
use an excessive amount of CPU time by sending an HTTP request containing a
large number of parameters or large parameter values. This update
introduces limits on the number of parameters and headers processed per
request to address this issue. The default limit is 512 for parameters and
128 for headers. These defaults can be changed by setting the
org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in
“jbossas/server/[PROFILE]/deploy/properties-service.xml”. (CVE-2012-0022)

Warning: Before applying the update, back up your existing JBoss ON
installation (including its databases, applications, configuration files,
the JBoss ON server’s file system directory, and so on).

All users of JBoss Operations Network 3.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.1.1.