Lucene search

K
redhatRedHatRHSA-2017:1549
HistoryJun 20, 2017 - 3:32 p.m.

(RHSA-2017:1549) Moderate: Red Hat JBoss Enterprise Application Platform 6.4.16 update on RHEL 6

2017-06-2015:32:16
access.redhat.com
46

EPSS

0.002

Percentile

59.6%

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 6.4.16
serves as a replacement for Red Hat JBoss Enterprise Application Platform
6.4.15, and includes bug fixes and enhancements, which are documented
in the Release Notes document linked to in the References.

Security Fix(es):

  • It was found that the log file viewer in Red Hat JBoss Enterprise
    Application 6 and 7 allows arbitrary file read to authenticated user via
    path traversal. (CVE-2017-2595)

  • It was discovered that a malicious web application could bypass a
    configured SecurityManager via a Tomcat utility method that was accessible
    to web applications. (CVE-2016-5018)

  • It was discovered that a malicious web application could bypass a
    configured SecurityManager via manipulation of the configuration parameters
    for the JSP Servlet. (CVE-2016-6796)