Lucene search

K
redhatRedHatRHSA-2014:1834
HistoryNov 10, 2014 - 12:00 a.m.

(RHSA-2014:1834) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update

2014-11-1000:00:00
access.redhat.com
21

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

69.5%

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications, which integrates the JBoss Application Server with JBoss
Hibernate and JBoss Seam.

It was discovered that the HttpClient incorrectly extracted host name from
an X.509 certificate subject’s Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat
Product Security.

For additional information on these flaws, refer to the Knowledgebase
article in the References section.

All users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to take
effect.

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

69.5%