(RHSA-2016:2938) Moderate: Red Hat JBoss BRMS security update

2016-12-09T00:51:56
ID RHSA-2016:2938
Type redhat
Reporter RedHat
Modified 2019-02-20T17:32:39

Description

This release of Red Hat JBoss BRMS 6.3.4 serves as a replacement for Red Hat JBoss BRMS 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section.

Security Fix(es):

  • Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. (CVE-2016-7041)

Red Hat would like to thank Jonas Bauters (NVISO) for reporting this issue.