Lucene search

K
redhat
RedHatRHSA-2014:1833
HistoryNov 10, 2014 - 12:00 a.m.

(RHSA-2014:1833) Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update

2014-11-1000:00:00
access.redhat.com
15

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

69.5%

Red Hat JBoss Enterprise Web Platform is a platform for Java applications,
which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam.

It was discovered that the HttpClient incorrectly extracted host name from
an X.509 certificate subject’s Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat
Product Security.

For additional information on these flaws, refer to the Knowledgebase
article in the References section.

All users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect.

How to protect your server from attacks?

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

69.5%

Related for RHSA-2014:1833