Lucene search

K
redhatRedHatRHSA-2017:1552
HistoryJun 20, 2017 - 4:08 p.m.

(RHSA-2017:1552) Moderate: jboss-ec2-eap security, bug fix, and enhancement update

2017-06-2016:08:40
access.redhat.com
39

EPSS

0.002

Percentile

59.6%

The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.16.

Security Fix(es):

  • It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)

  • It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)

  • It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)