(RHSA-2017:1549) Moderate: Red Hat JBoss Enterprise Application Platform 6.4.16 update on RHEL 6

2017-06-20T19:32:16
ID RHSA-2017:1549
Type redhat
Reporter RedHat
Modified 2018-06-07T02:39:09

Description

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)

  • It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)

  • It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)