5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.034 Low
EPSS
Percentile
90.0%
Red Hat JBoss Operations Network is a middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.2.3 release serves as a replacement for
JBoss Operations Network 3.2.2, and includes several bug fixes. Refer to
the JBoss Operations Network 3.2.3 Release Notes for information on the
most significant of these changes. The Release Notes will be available
shortly from https://access.redhat.com/documentation/en-US/
The following security issues are also fixed with this release:
It was discovered that JBoss Web did not limit the length of chunk sizes
when using chunked transfer encoding. A remote attacker could use this flaw
to perform a denial of service attack against JBoss Web by streaming an
unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that JBoss Web did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a JBoss Web server
located behind a reverse proxy that processed the content length header
correctly. (CVE-2014-0099)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
All users of JBoss Operations Network 3.2.2 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.2.3.