Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0765
HistoryMar 31, 2015 - 4:57 p.m.

(RHSA-2015:0765) Important: Red Hat JBoss Data Virtualization 6.0.0 security update

2015-03-3116:57:22
access.redhat.com
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.954 High

EPSS

Percentile

99.0%

JSON

Red Hat JBoss Data Virtualization is a lean data integration solution that
provides easy, real-time, and unified data access across disparate sources
to multiple applications and users. JBoss Data Virtualization makes data
spread across physically distinct systems-such as multiple databases, XML
files, and even Hadoop systems-appear as a set of tables in a local
database.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data
Virtualization 6.0.0. It includes various bug fixes, which are listed in
the README file included with the patch files.

The following security issues are also fixed with this release,
descriptions of which can be found on the respective CVE pages linked in
the References section.

CVE-2012-6153 Apache HttpComponents client: SSL hostname verification
bypass, incomplete CVE-2012-5783 fix

CVE-2014-3577 Apache HttpComponents client: SSL hostname verification
bypass, incomplete CVE-2012-6153 fix

CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage

CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,
8017298)

CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of
user-supplied content in outputText tags and EL expressions

CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding
input filter

CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content
length header

CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal
Entity (XXE)

CVE-2014-3490 RESTEasy: XXE via parameter entities

CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web
application

CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation

CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter

Red Hat would like to thank James Roper of Typesafe for reporting
CVE-2014-0193, and Alexander Papadakis for reporting CVE-2014-3530.
The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product
Security, the CVE-2014-0075 and CVE-2014-3490 issues were discovered by
David Jorm of Red Hat Product Security, and the CVE-2014-3481 issue was
discovered by the Red Hat JBoss Enterprise Application Platform QE team.

All users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this roll up patch.

Related

redhat 29
nessus 43
ibm 49
mageia 2
openvas 31
amazon 3
fedora 5
tomcat 3
ubuntucve 2
f5 4
debian 3
osv 3
threatpost 1
kaspersky 1
ubuntu 2
freebsd 2
oraclelinux 4
securityvulns 3
github 1
debiancve 1
prion 1
veracode 1
cve 1
atlassian 2
symantec 1
centos 1
redhat
redhat
(RHSA-2015:0720) Important: Red Hat JBoss Fuse Service Works 6.0.0 security update
2015-03-24 20:57:38
(RHSA-2015:0675) Important: Red Hat JBoss Data Virtualization 6.1.0 update
2015-03-11 16:43:55
(RHSA-2015:0234) Important: Red Hat JBoss BPM Suite 6.0.3 security update
2015-02-17 22:21:04
nessus
nessus
Mandriva Linux Security Advisory : tomcat6 (MDVSA-2015:053)
2015-03-19 00:00:00
Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities
2014-05-30 00:00:00
Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)
2015-01-19 00:00:00
ibm
ibm
Security Bulletin: Apache Tomcat security vulnerability issues on IBM SONAS (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
2018-06-18 00:08:32
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
2018-06-17 04:56:14
Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
2018-06-18 00:08:28
mageia
mageia
Updated tomcat and tomcat6 packages fix security vulnerabilities
2014-06-20 00:30:12
Updated Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
2014-08-25 12:44:11
openvas
openvas
Fedora Update for tomcat FEDORA-2015-2109
2015-02-25 00:00:00
Mageia: Security Advisory (MGASA-2014-0268)
2022-01-28 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-526)
2015-09-08 00:00:00
amazon
amazon
Medium: tomcat8
2015-05-14 14:40:00
Medium: tomcat7
2015-05-14 14:38:00
Important: jakarta-commons-httpclient
2014-09-17 21:47:00
fedora
fedora
[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21
2015-02-23 08:03:06
[SECURITY] Fedora 20 Update: jakarta-commons-httpclient-3.1-15.fc20
2014-08-27 01:31:46
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
2014-08-27 01:28:57
tomcat
tomcat
Fixed in Apache Tomcat 6.0.41
2014-05-23 00:00:00
Fixed in Apache Tomcat 7.0.53
2014-03-30 00:00:00
Fixed in Apache Tomcat 8.0.5
2014-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2012-5783
2012-11-04 00:00:00
CVE-2012-6153
2014-09-04 00:00:00
f5
f5
SOL15364328 - Apache vulnerabilities CVE-2012-5783, CVE-2012-6153, and CVE-2014-3577
2016-02-02 00:00:00
K15741 : Apache Commons HttpClient vulnerability CVE-2012-6153
2014-10-27 00:00:00
K15364328 : Apache vulnerabilities CVE-2012-5783 and CVE-2012-6153
2016-02-02 00:00:00
debian
debian
[SECURITY] [DLA 222-1] commons-httpclient security update
2015-05-19 15:18:39
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
osv
osv
commons-httpclient - security update
2015-05-19 00:00:00
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
tomcat7 - security update
2016-01-17 00:00:00
threatpost
threatpost
Apache Patches Bugs in Tomcat
2014-05-30 12:31:25
kaspersky
kaspersky
KLA10072 Multiple vulnerabilities in Apache Tomcat
2014-03-30 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-07-30 00:00:00
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2014-05-23 00:00:00
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
2012-12-06 00:00:00
oraclelinux
oraclelinux
tomcat security update
2014-08-07 00:00:00
tomcat security update
2014-07-23 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2014-05-29 00:00:00
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
2014-08-18 00:00:00
github
github
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
debiancve
debiancve
CVE-2012-6153
2014-09-04 17:55:00
prion
prion
Design/Logic Flaw
2014-09-04 17:55:00
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:59:46
cve
cve
CVE-2012-6153
2014-09-04 17:55:00
atlassian
atlassian
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
2015-05-12 07:34:43
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
2015-05-12 07:34:43
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
centos
centos
tomcat6 security update
2014-07-09 16:09:49

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.954 High

EPSS

Percentile

99.0%

JSON
Related for RHSA-2015:0765
redhat29nessus43ibm49mageia2openvas31amazon3fedora5tomcat3ubuntucve2f54debian3osv3threatpost1kaspersky1ubuntu2freebsd2oraclelinux4securityvulns3github1debiancve1prion1veracode1cve1atlassian2symantec1centos1