4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.2%
Red Hat JBoss Fuse Service Works is the next-generation ESB and business
process automation infrastructure.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse
Service Works 6.0.0. It includes various bug fixes, which are listed in the
README file included with the patch files.
The following security issues are also fixed with this release:
It was found that async-http-client would disable SSL/TLS certificate
verification under certain conditions, for example if HTTPS communication
also used client certificates. A man-in-the-middle (MITM) attacker could
use this flaw to spoof a valid certificate. (CVE-2013-7397)
It was found that async-http-client did not verify that the server hostname
matched the domain name in the subject’s Common Name (CN) or subjectAltName
field in X.509 certificates. This could allow a man-in-the-middle attacker
to spoof an SSL server if they had a certificate that was valid for any
domain name. (CVE-2013-7398)
All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this roll up patch.