4 matches found
CVE-2013-6468
CVE-2013-6468 affects JBoss Drools and Red Hat JBoss BRMS/BPM Suite prior to 6.0.1. The flaw allows remote authenticated users to execute arbitrary Java code via MVFLEX (MVEL) or Drools expressions, caused by unsafe expression handling. Red Hat advisories RHSA-2014:0371/0372 document the fix in B...
Drools任意代码执行漏洞
Bugtraq ID:66659 CVE ID:CVE-2013-6468 Drools具有一个易于访问企业策略、易于调整以及易于管理的开源业务规则引擎,符合业内标准,速度快、效率高。 Drools存在一个安全漏洞,允许远程通过验证的攻击者在MVEL或者Drools表达式中提交任意Java代码,可以应用服务安全上下文执行任意代码。 0 Drools 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://rhn.redhat.com/errata/RHSA-2014-0371.html...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.1 update
Red Hat JBoss BRMS 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.1 update
Red Hat JBoss BPM Suite 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...