(RHSA-2016:1931) Important: Red Hat JBoss Fuse/A-MQ 6.2.1 security and bug fix update

2016-09-23 20:29:27
access.redhat.com

CVSS2: 5.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.002 Low (percentile 59.2%)

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission-critical applications.

This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files.

Security Fix(es):

  • It was found that the fix for CVE-2012-6153 was incomplete: the code
    added to check that the server hostname matches the domain name in a
    subject’s Common Name (CN) field in X.509 certificates was flawed. A
    man-in-the-middle attacker could use this flaw to spoof an SSL server using
    a specially crafted X.509 certificate. (CVE-2014-3577)

Refer to the readme.txt file included with the patch files for installation instructions.
