
(RHSA-2018:1607) Critical: Red Hat JBoss Enterprise Application Platform 5.2 security update

Description

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0.

Security Fix(es):

* jbossas: Arbitrary code execution via unrestricted deserialization in ReadOnlyAccessFilter of HTTP Invoker. (CVE-2017-12149)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Joao F M Figueiredo for reporting this issue.


Affected Package


OS      OS Version  Package Name       Package Version
RedHat  5           jbossas            5.2.0-24.ep5.el5
RedHat  5           jbossas-messaging  5.2.0-24.ep5.el5
RedHat  6           jbossas-ws-native  5.2.0-24.ep5.el6
RedHat  5           jbossas-ws-native  5.2.0-24.ep5.el5
RedHat  6           jbossas-client     5.2.0-24.ep5.el6
RedHat  6           jbossas            5.2.0-24.ep5.el6
RedHat  6           jbossas-messaging  5.2.0-24.ep5.el6
RedHat  5           jbossas-client     5.2.0-24.ep5.el5
