History: Nov 24, 2014 - 8:44 p.m.

(RHSA-2014:1892) Important: Red Hat JBoss BPM Suite 6.0.3 update

2014-11-24 20:44:18
access.redhat.com
CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.004 Low (Percentile: 69.5%)

Red Hat JBoss BPM Suite is a business rules and processes management system
for the management, storage, creation, modification, and deployment of
JBoss rules and BPMN2-compliant business processes.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM
Suite 6.0.3, and includes bug fixes and enhancements. The bug fixes are
listed in the README file included with the patch files.

The following security issues are fixed with this release:

It was discovered that Jakarta Commons HttpClient incorrectly extracted the
host name from an X.509 certificate subject’s Common Name (CN) field.
A man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat
Customer Portal are advised to apply this roll up patch.
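
The following added example (not code from Red Hat or from HttpClient) illustrates the class of flaw described above: extracting the CN by treating the subject DN as flat text, next to extraction from a structurally parsed DN. The class name, both method names and the example.test subject DNs are constructed for illustration, and the naive extractor is a simplified stand-in, not the library's source.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnExtractionDemo {

    // Naive (illustrative stand-in): splits the DN string on commas, so a
    // "CN=" sequence inside another attribute's value is mistaken for a CN.
    static List<String> naiveCns(String subjectDn) {
        List<String> cns = new ArrayList<>();
        for (String token : subjectDn.split(",")) {
            String t = token.trim();
            if (t.regionMatches(true, 0, "CN=", 0, 3)) {
                cns.add(t.substring(3));
            }
        }
        return cns;
    }

    // Structured: parses the DN (RFC 2253 string form) and keeps only the
    // values of RDNs whose attribute type is CN. Multi-valued RDNs
    // (type1=a+type2=b) are not handled in this short example.
    static List<String> parsedCns(String subjectDn) throws InvalidNameException {
        List<String> cns = new ArrayList<>();
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                cns.add(String.valueOf(rdn.getValue()));
            }
        }
        return cns;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject DNs; the second carries an escaped comma in O.
        String ordinary = "CN=www.example.test,O=Example Corp,C=US";
        String embedded = "CN=other.example.test,O=Example\\, CN=www.example.test,C=US";
        for (String dn : new String[] {ordinary, embedded}) {
            System.out.println(dn);
            System.out.println("  naive : " + naiveCns(dn));
            System.out.println("  parsed: " + parsedCns(dn));
        }
    }
}
```

Where the two extractors disagree on a subject, the host name a client would match against depends on the parsing method, which is the condition a regression test for hostname verification should cover.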
