
(RHSA-2016:0321) Moderate: Red Hat JBoss Fuse 6.2.1 update

Published: 2016-02-29 19:34:20
Source: access.redhat.com
CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 44.3%

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform.

This patch is an update to Red Hat JBoss Fuse 6.2.1. It includes several
bug fixes, which are documented in the readme.txt file included with the
patch files.

The following security issue is addressed in this release:

It was found that Apache CXF permitted wrapping attacks in its support for
SAML SSO. A malicious user could construct a SAML response that would
bypass the login screen and possibly gain access to restricted information
or resources. (CVE-2015-5253)

Refer to the readme.txt file included with the patch files for
installation instructions.

All users of Red Hat JBoss Fuse 6.2.1 as provided from the Red Hat Customer
Portal are advised to apply this update.
