{"cve": [{"lastseen": "2017-08-09T15:20:46", "bulletinFamily": "NVD", "description": "VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka \"Expression Language Injection.\"", "modified": "2017-08-08T21:29:00", "published": "2012-12-05T12:55:01", "id": "CVE-2011-2730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2730", "title": "CVE-2011-2730", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "CVE-2011-2730: Spring Framework Information Disclosure\r\n\r\nSeverity: Variable depending on application. Likely to be low to moderate, may be important.\r\n\r\nVersion affected:\r\n3.0.0 to 3.0.5\r\n2.5.0 to 2.5.6.SEC02 (community releases)\r\n2.5.0 to 2.5.7.SR01 (subscription customers)\r\nEarlier, unsupported versions may also be affected\r\n\r\nDescription:\r\nPrior to JSP 2.0, Expression Language (EL) was not supported. To enable the use of EL in web applications based on earlier JSP specifications, some Spring MVC tags provide EL support independently of the Servlet/JSP container The evaluation of EL is enabled by default. When used on containers that do support EL, the attributes can be evaluated for EL twice. Once by the container and once by the tag. This can lead to unexpected results that include disclosure of information. More details, including a complete list of the vulnerable tags and attributes, are available in a paper[1] written by the researchers that discovered this issue.\r\n\r\nExample:\r\nA request of the form:\r\nhttp:///vulnerable.com/foo?message=${applicationScope}\r\n\r\nto a page that contains:\r\n<spring:message code="${param['message']}" text=""/>\r\n\r\nwill result in output that contains internal server information including the classpath and local working directories. Session IDs can be obtained using similar techniques.\r\n\r\nMitigation:\r\nA new context parameter has been added called springJspExpressionSupport. When true (the default) the existing behaviour of evaluating EL within the tag will be performed. When running in an environment where EL support is provided by the container, this should be set to false. Note that for Spring Framework 3.1 onwards when running on a Servlet 3.0 or higher container, the correct default will be set automatically. This new attribute is available in:\r\n3.0.6 onwards\r\n2.5.6.SEC03 onwards (community releases)\r\n2.5.7.SR02 (subscription customers)\r\n\r\nCredit:\r\nThis issue was discovered by Stefano Di Paola, Minded Security and Arshan Dabirsiaghi, Aspect Security.\r\n\r\nHistory:\r\n2011-09-09: Original advisory\r\n\r\nReferences:\r\n[1] http://bit.ly/ExpressionLanguageInjection\r\n[2] http://www.springsource.com/security/cve-2011-2730", "modified": "2011-09-13T00:00:00", "published": "2011-09-13T00:00:00", "id": "SECURITYVULNS:DOC:27011", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27011", "title": "CVE-2011-2730: Spring Framework Information Disclosure", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2504-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nJune 28, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libspring-2.5-java\r\nVulnerability : information disclosure\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2730\r\nDebian Bug : 677814\r\n\r\nIt was discovered that the Spring Framework contains an information\r\ndisclosure vulnerability in the processing of certain Expression\r\nLanguage (EL) patterns, allowing attackers to access sensitive\r\ninformation using HTTP requests.\r\n\r\nNOTE: This update adds a springJspExpressionSupport context parameter\r\nwhich must be manually set to false when the Spring Framework runs\r\nunder a container which provides EL support itself.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.5.6.SEC02-2+squeeze1.\r\n\r\nWe recommend that you upgrade your libspring-2.5-java packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJP7KMbAAoJEL97/wQC1SS+Dz0IAJvg4eivzo+4NfdJWpP0V7C9\r\nXE6ZbF20GP8vFjrYaen7lMDi39kqIeD4PK9FNXlnsEExCvNslw90zaaSLpuO7YQ+\r\nRquCrBDP9dtKWZU4K4iBWJwXcTohRSKzspYYIUwJ+DgslOiZ6SV/VnxS/xIeBYuX\r\nmwUGk5gxZ0G60Rh0/33TXM/jCX61lFrPlmMBzM/sDS2rhw5adT9aljbcD2SdrvEp\r\nh0wRBXMJlOSTLgC6hiGQHAJ0Maz85PCMX1whaAVpudmOhgpGOmbOdPfHZ87i66HU\r\nZzCgTgfx+VF989krdguEmEAwvBS00P35BlBaeQ40hZwdzoe/DqbWi+4mrA6X4WQ=\r\n=ocQ7\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "SECURITYVULNS:DOC:28237", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28237", "title": "[SECURITY] [DSA 2504-1] libspring-2.5-java security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2011-09-13T00:00:00", "published": "2011-09-13T00:00:00", "id": "SECURITYVULNS:VULN:11900", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11900", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:59:10", "bulletinFamily": "exploit", "description": "Bugtraq ID: 49543\r\nCVE ID\uff1aCVE-2011-2730\r\n\r\nSpring Framework\u662f\u4e00\u4e2a\u5f00\u6e90\u7684Java\uff0fJava EE\u5168\u529f\u80fd\u6808\uff08full-stack\uff09\u7684\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\uff0c \u4ee5Apache\u8bb8\u53ef\u8bc1\u5f62\u5f0f\u53d1\u5e03\uff0c\u4e5f\u6709.NET\u5e73\u53f0\u4e0a\u7684\u79fb\u690d\u7248\u672c\u3002\r\n\u5728JSP 2.0\u4e4b\u524d\uff0c\u8868\u8fbe\u5f0f\u8bed\u8a00\u4e0d\u88ab\u652f\u6301\u3002\u8981\u5728\u57fa\u4e8e\u65e9\u671fJSP\u89c4\u8303\u7684WEB\u5e94\u7528\u7a0b\u5e8f\u4e2d\u4f7f\u7528EL\uff0c\u4e00\u4e9bSpring MVC\u6807\u7b7e\u63d0\u4f9b\u5bf9Servlet/JSP\u5bb9\u6613\u7684EL\u72ec\u7acb\u652f\u6301\u3002\u9ed8\u8ba4\u542f\u7528\u5bf9EL\u6c42\u503c\u3002\u5f53\u4f7f\u7528\u652f\u6301EL\u7684\u5bb9\u5668\u65f6\uff0cEL\u4e2d\u7684\u5c5e\u6027\u4f1a\u88ab\u6c42\u503c\u4e24\u6b21\uff0c\u4e00\u6b21\u5bb9\u5668\u53e6\u4e00\u6b21\u4e3atab\u3002\u8fd9\u53ef\u5bfc\u81f4\u4e0d\u53ef\u671f\u7684\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002\r\n0\r\nSpringSource Spring Framework 3.0.5\r\n SpringSource Spring Framework 3.0.3\r\n SpringSource Spring Framework 3.0.2\r\n SpringSource Spring Framework 3.0.1\r\n SpringSource Spring Framework 3.0\r\n SpringSource Spring Framework 2.5.7\r\n SpringSource Spring Framework 2.5.6\r\n SpringSource Spring Framework 2.5.6\r\n SpringSource Spring Framework 2.5.5\r\n SpringSource Spring Framework 2.5.5\r\n SpringSource Spring Framework 2.5.4\r\n SpringSource Spring Framework 2.5.4\r\n SpringSource Spring Framework 2.5.3\r\n SpringSource Spring Framework 2.5.3\r\n SpringSource Spring Framework 2.5.2\r\n SpringSource Spring Framework 2.5.2\r\n SpringSource Spring Framework 2.5.1\r\n SpringSource Spring Framework 2.5.1\r\n SpringSource Spring Framework 2.5\r\n SpringSource Spring Framework 2.5\r\n SpringSource Spring Framework 2.5.7 SR1 (Subscript\r\n SpringSource Spring Framework 2.5.6.SEC02\r\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.springsource.com/security/cve-2011-2730", "modified": "2011-09-13T00:00:00", "published": "2011-09-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20927", "id": "SSV:20927", "title": "Spring Framework\u8868\u8fbe\u5f0f\u8bed\u8a00JSP\u5c5e\u6027\u5904\u7406\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e(cve-2011-2730)", "type": "seebug", "sourceData": "\n \u5411\u5305\u542b\u5982\u4e0b\u4ee3\u7801\u7684\u9875\u9762\uff1a\r\n<spring:message code="${param['message']}" text=""/>\r\n\u63d0\u4ea4\u5982\u4e0b\u5f62\u5f0f\u7684\u8bf7\u6c42\uff1a\r\nhttp:///vulnerable.com/foo?message=${applicationScope}\r\n\u4f1a\u8f93\u51fa\u5305\u542bclasspath\uff0c\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\uff0c\u4f1a\u8bddID\u7b49\u670d\u52a1\u5668\u4fe1\u606f\u3002\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20927"}], "nessus": [{"lastseen": "2019-01-16T20:14:01", "bulletinFamily": "scanner", "description": "It was discovered that the Spring Framework contains an information\ndisclosure vulnerability in the processing of certain Expression\nLanguage (EL) patterns, allowing attackers to access sensitive\ninformation using HTTP requests.\n\nNOTE: This update adds a springJspExpressionSupport context parameter\nwhich must be manually set to false when the Spring Framework runs\nunder a container which provides EL support itself.", "modified": "2018-11-10T00:00:00", "published": "2012-06-29T00:00:00", "id": "DEBIAN_DSA-2504.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59782", "title": "Debian DSA-2504-1 : libspring-2.5-java - information disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2504. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59782);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-2730\");\n script_bugtraq_id(49543);\n script_xref(name:\"DSA\", value:\"2504\");\n\n script_name(english:\"Debian DSA-2504-1 : libspring-2.5-java - information disclosure\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Spring Framework contains an information\ndisclosure vulnerability in the processing of certain Expression\nLanguage (EL) patterns, allowing attackers to access sensitive\ninformation using HTTP requests.\n\nNOTE: This update adds a springJspExpressionSupport context parameter\nwhich must be manually set to false when the Spring Framework runs\nunder a container which provides EL support itself.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libspring-2.5-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2504\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libspring-2.5-java packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.6.SEC02-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libspring-aop-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-aspects-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-beans-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-context-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-context-support-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-core-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-jdbc-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-jms-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-orm-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-test-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-tx-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-web-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-webmvc-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-webmvc-portlet-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libspring-webmvc-struts-2.5-java\", reference:\"2.5.6.SEC02-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:04", "bulletinFamily": "scanner", "description": "Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.", "modified": "2018-11-26T00:00:00", "published": "2014-11-08T00:00:00", "id": "REDHAT-RHSA-2013-0197.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78947", "title": "RHEL 4 : JBoss EWP (RHSA-2013:0197)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0197. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78947);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0197\");\n\n script_name(english:\"RHEL 4 : JBoss EWP (RHSA-2013:0197)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0197\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0197\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jboss-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"google-guice-2.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-javadoc-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-javadoc-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"javassist-3.12.0-6.SP1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-core-2.2.21-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-docs-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-examples-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-vfs2-2.2.1-2.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-client-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-tp-licenses-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-web-ws-native-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-ws-cxf-ewp-5.2.0-8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jgroups-2.6.22-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-as-5-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-federation-2.1.5-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-ewp-docs-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-ewp-docs-examples-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-common-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-client-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-comm-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-domain-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-gui-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-native-system-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-container-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-util-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jboss-as-common-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-modules-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-platform-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-plugins-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"wss4j-1.5.12-4.2_patch_02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-security-1.5.1-2.ep5.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:04", "bulletinFamily": "scanner", "description": "Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator# authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/ j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.", "modified": "2018-11-26T00:00:00", "published": "2014-11-08T00:00:00", "id": "REDHAT-RHSA-2013-0195.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78945", "title": "RHEL 6 : JBoss EWP (RHSA-2013:0195)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0195. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78945);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0195\");\n\n script_name(english:\"RHEL 6 : JBoss EWP (RHSA-2013:0195)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator# authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/ j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hsqldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0195\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jboss-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"aopalliance-1.0-5.3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bsh2-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bsh2-bsf-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"google-guice-2.0-3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-javadoc-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-javadoc-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hsqldb-1.8.0.10-11_patch_01.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"javassist-3.12.0-6.SP1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-pojo-3.0.1-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cl-2.0.11-4.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-common-beans-1.0.1-2.Final.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-common-core-2.2.21-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-interceptors-1.0.9-0.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-0.1.1-0.8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-transactions-1.0.2-1.6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-reflect-2.0.4-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-docs-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-examples-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-14.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-5.2.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-client-5.2.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-tp-licenses-5.2.0-8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-web-ws-native-5.2.0-16.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-cxf-ewp-5.2.0-11.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossts-4.6.1-12.CP13.7.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossts-javadoc-4.6.1-12.CP13.7.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jgroups-2.6.22-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-as-5-plugin-3.0.0-16.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-federation-2.1.5-3.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-examples-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-javadoc-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-manual-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rh-ewp-docs-5.2.0-11.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rh-ewp-docs-examples-5.2.0-11.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-ant-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-dbutils-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugindoc-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-filetemplate-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-helpers-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-plugin-validator-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginAnnotations-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginGen-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhq-rtfilter-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wss4j-1.5.12-4_patch_02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-security-1.5.1-2.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:35:56", "bulletinFamily": "scanner", "description": "Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.", "modified": "2014-05-02T00:00:00", "published": "2013-01-24T00:00:00", "id": "REDHAT-RHSA-2013-0191.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64078", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2013:0191)", "sourceData": "# @DEPRECATED@\n#\n# Disabled on 2013/06/06.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0191. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64078);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2014/05/02 20:36:57 $\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_osvdb_id(75264, 78259, 82781, 83085, 84530, 84730, 87950, 88094, 89578, 89579, 89580, 89581, 89582, 89583);\n script_xref(name:\"RHSA\", value:\"2013:0191\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2013:0191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2487.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4575.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-2377.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-2379.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3369.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3370.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/knowledge/docs/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hsqldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n# Deprecated\nexit(0, \"This plugin has been temporarily deprecated.\");\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", reference:\"aopalliance-1.0-5.3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"bsh2-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"bsh2-bsf-2.0-0.b4.15.patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"google-guice-2.0-3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.6.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-javadoc-3.3.2-1.9.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hibernate3-search-javadoc-3.1.1-2.5.GA_CP05.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hornetq-2.2.24-1.EAP.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"hornetq-native-2.2.20-1.EAP.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"hornetq-native-2.2.20-1.EAP.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"hsqldb-1.8.0.10-11_patch_01.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"javassist-3.12.0-6.SP1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cache-pojo-3.0.1-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cl-2.0.11-4.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-common-beans-1.0.1-2.Final.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-common-core-2.2.21-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-interceptors-1.0.9-0.2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-0.1.1-0.8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb3-transactions-1.0.2-1.6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-messaging-1.4.8-12.SP9.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-reflect-2.0.4-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-docs-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-examples-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-14.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-client-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-hornetq-5.2.0-7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-messaging-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-tp-licenses-5.2.0-8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-cxf-5.2.0-10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossas-ws-native-5.2.0-16.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossts-4.6.1-12.CP13.7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossts-javadoc-4.6.1-12.CP13.7.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jgroups-2.6.22-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-as-5-plugin-3.0.0-16.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"netty-3.2.5-6.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-federation-2.1.5-3.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-examples-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-javadoc-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"resteasy-manual-1.2.1-17.CP02_patch02.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rh-eap-docs-5.2.0-10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rh-eap-docs-examples-5.2.0-10.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-ant-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-dbutils-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-plugindoc-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-filetemplate-bundle-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-helpers-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-plugin-validator-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginAnnotations-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-pluginGen-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rhq-rtfilter-3.0.0-21.EmbJopr5.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"wss4j-1.5.12-4_patch_02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"xml-security-1.5.1-2.ep5.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:29", "bulletinFamily": "scanner", "description": "Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.", "modified": "2018-11-26T00:00:00", "published": "2013-01-24T00:00:00", "id": "REDHAT-RHSA-2013-0192.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64079", "title": "RHEL 5 : JBoss EAP (RHSA-2013:0192)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0192. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64079);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_bugtraq_id(51392, 53877, 54183, 54631, 54915, 55770, 56812);\n script_xref(name:\"RHSA\", value:\"2013:0192\");\n\n script_name(english:\"RHEL 5 : JBoss EAP (RHSA-2013:0192)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-ant-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-dbutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugindoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-filetemplate-bundle-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugin-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginAnnotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-pluginGen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-rtfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0192\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-client-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"google-guice-2.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-javadoc-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-javadoc-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hornetq-2.2.24-1.EAP.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"javassist-3.12.0-6.SP1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-core-2.2.21-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jpa-deployers-1.0.0-6.1SP2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-messaging-1.4.8-12.SP9.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-naming-5.0.3-5.1.CP02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-docs-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-examples-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-client-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-hornetq-5.2.0-5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-messaging-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-tp-licenses-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-cxf-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-native-5.2.0-14.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbosssx2-2.0.5-8.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-2.6.22-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-as-5-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"netty-3.2.5-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-federation-2.1.5-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-eap-docs-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-eap-docs-examples-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-ant-bundle-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-dbutils-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugindoc-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-filetemplate-bundle-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-helpers-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-plugin-validator-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-pluginAnnotations-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-pluginGen-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-rtfilter-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wss4j-1.5.12-4.1_patch_02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-security-1.5.1-2.ep5.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:29", "bulletinFamily": "scanner", "description": "Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.", "modified": "2018-11-26T00:00:00", "published": "2013-01-24T00:00:00", "id": "REDHAT-RHSA-2013-0193.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64080", "title": "RHEL 4 : JBoss EAP (RHSA-2013:0193)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64080);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0193\");\n\n script_name(english:\"RHEL 4 : JBoss EAP (RHSA-2013:0193)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform 5.2.0 packages that fix\nmultiple security issues, various bugs, and add several enhancements\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Application Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Application Platform 5.1.2, and\nincludes bug fixes and enhancements. Refer to the JBoss Enterprise\nApplication Platform 5.2.0 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0193\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jbossas-client-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"google-guice-2.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-javadoc-3.3.2-1.6.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-search-javadoc-3.1.1-2.3.GA_CP05.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hornetq-2.2.24-1.EAP.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"hornetq-native-2.2.20-1.EAP.GA.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"javassist-3.12.0-6.SP1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-core-2.2.21-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-jpa-deployers-1.0.0-6.SP2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-messaging-1.4.8-12.SP9.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-naming-5.0.3-5.CP02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-docs-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-examples-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-vfs2-2.2.1-2.GA.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-client-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-hornetq-5.2.0-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-messaging-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-tp-licenses-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-ws-cxf-5.2.0-8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-ws-native-5.2.0-14.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbosssx2-2.0.5-8.3.SP3_1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jgroups-2.6.22-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-as-5-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"netty-3.2.5-6.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-federation-2.1.5-3.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-eap-docs-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-eap-docs-examples-5.2.0-7.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-common-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-client-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-comm-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-domain-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-gui-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-native-system-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-api-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-plugin-container-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-core-util-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jboss-as-common-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-modules-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-platform-plugin-3.0.0-15.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhq-plugins-parent-3.0.0-22.EmbJopr5.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"wss4j-1.5.12-4.2_patch_02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xml-security-1.5.1-2.ep5.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:04", "bulletinFamily": "scanner", "description": "Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator# authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/ j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.", "modified": "2018-11-26T00:00:00", "published": "2014-11-08T00:00:00", "id": "REDHAT-RHSA-2013-0196.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78946", "title": "RHEL 5 : JBoss EWP (RHSA-2013:0196)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0196. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78946);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5066\", \"CVE-2011-1096\", \"CVE-2011-2487\", \"CVE-2011-2730\", \"CVE-2011-2908\", \"CVE-2011-4575\", \"CVE-2012-0034\", \"CVE-2012-0874\", \"CVE-2012-2377\", \"CVE-2012-2379\", \"CVE-2012-3369\", \"CVE-2012-3370\", \"CVE-2012-3546\", \"CVE-2012-5478\");\n script_xref(name:\"RHSA\", value:\"2013:0196\");\n\n script_name(english:\"RHEL 5 : JBoss EWP (RHSA-2013:0196)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple\nsecurity issues, various bugs, and add several enhancements are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThis JBoss Enterprise Web Platform 5.2.0 release serves as a\nreplacement for JBoss Enterprise Web Platform 5.1.2, and includes bug\nfixes and enhancements. As JBoss Enterprise Web Platform is a subset\nof JBoss Enterprise Application Platform, refer to the JBoss\nEnterprise Application Platform 5.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes will be\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain\ntext of a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing\nsymmetric keys (for XML encryption), allowing a remote attacker to\nrecover the entire plain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary\ncode in the context of the application server, or to obtain sensitive\ninformation from the server. Manual action is required to apply this\nfix. Refer to the Solution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by\na Supporting Token, but not whether the correct token was used. A\nremote attacker could transmit confidential information without the\nappropriate security, and potentially circumvent access controls on\nweb services exposed via Apache CXF. Refer to the Solution section for\ndetails. (CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another\ncomponent that calls request.setUserPrincipal() before the call to\nFormAuthenticator# authenticate() (such as the Single-Sign-On valve),\nit was possible to bypass the security constraint checks in the FORM\nauthenticator by appending '/ j_security_check' to the end of a URL.\n(CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote\nattacker to hijack the authenticated JMX Console session of an\nadministrator. (CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential\nif no security context was provided. Depending on the deployed\napplications, this could possibly allow a remote attacker to hijack\nthe credentials of a previously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing\nlocal users to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain\ntext when an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the\nlog file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct\nexploitation of this flaw. If the interceptor was misconfigured or\ninadvertently disabled, this flaw could lead to arbitrary code\nexecution in the context of the user running the JBoss server.\n(CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication\nwhen a JGroups channel was started, allowing attackers on the adjacent\nnetwork to read diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call\nif a null password was provided. In non-default configurations this\ncould possibly lead to a remote attacker hijacking a\npreviously-authenticated user's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project\nfor reporting CVE-2012-2379; and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by\nCarlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of\nRed Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and\nCVE-2012-2377 was discovered by Red Hat.\"\n );\n # https://access.redhat.com/knowledge/docs/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0874\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aopalliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bsh2-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:google-guice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-search-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb-jboss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cluster-ha-server-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-eap5-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-ext-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-interceptors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-metrics-deployer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-timeout-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb3-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jacc-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jad-1.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaspi-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-javaee-poms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jca-1.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-1.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jpa-deployers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-reflect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.0.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-tp-licenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-web-ws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-ws-cxf-ewp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbosssx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-framework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-hibernate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-as-5-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jopr-jboss-cache-v3-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-jbossweb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-idp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-pdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-quickstarts-sts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-ewp-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-common-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-client-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-comm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-native-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-plugin-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-core-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jboss-as-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-jmx-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-modules-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-platform-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhq-plugins-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-beans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spring2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-j2-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.1-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.2-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-jaxp-1.3-apis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-which11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-security\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0196\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jboss-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"aopalliance-1.0-5.2.jdk6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.2.12-6.1.patch_04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bsh2-bsf-2.0-0.b4.15.1.patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jaxb-2.1.12-12_patch_03.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"google-guice-2.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-javadoc-3.3.2-1.5.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-search-javadoc-3.1.1-2.4.GA_CP05.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jacorb-jboss-2.3.2-2.jboss_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"javassist-3.12.0-6.SP1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-aop2-2.1.6-5.CP06.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-bootstrap-1.0.2-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-core-3.2.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-pojo-3.0.1-1.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cl-2.0.11-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cluster-ha-server-api-1.2.1-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-beans-1.0.1-2.1.Final.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-core-2.2.21-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"jboss-eap5-native-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb-3.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-cache-1.0.0-4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-core-1.3.9-0.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-1.0.0-4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-ext-api-impl-1.0.0-3.7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-interceptors-1.0.9-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metadata-1.0.0-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-metrics-deployer-1.1.1-0.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-security-1.0.2-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-3.0-api-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-timeout-spi-0.1.1-0.5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb3-transactions-1.0.2-1.4.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jacc-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jad-1.2-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaspi-1.0-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-javaee-poms-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jaxrpc-api_1.1_spec-1.0.0-16.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jca-1.5-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jms-1.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jpa-deployers-1.0.0-6.1SP2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-logmanager-1.1.2-6.GA_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-naming-5.0.3-5.1.CP02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-reflect-2.0.4-2.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-remoting-2.5.4-10.SP4.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-docs-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-examples-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-negotiation-2.1.3-1.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-spi-2.0.5-4.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-1.0.1-api-5.0.2-2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-vfs2-2.2.1-4.GA.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-5.2.0-8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-client-5.2.0-8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-tp-licenses-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-web-ws-native-5.2.0-8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-ws-cxf-ewp-5.2.0-7.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbosssx2-2.0.5-8.SP3_1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-javadoc-4.6.1-12.CP13.8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-el-1.0-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-jsp-2.1-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-servlet-2.5-api-2.1.13-2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-3.1.2-13.SP15_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-common-1.1.0-9.SP10.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-framework-3.1.2-9.SP13.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-spi-1.1.2-6.SP8.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-2.6.22-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-embedded-1.3.4-19.SP6.9.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-hibernate-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-as-5-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jopr-jboss-cache-v3-plugin-3.0.0-15.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-demo-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossas-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-jbossweb2-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.0.10-10.GA_CP04_patch01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-tomcat6-1.0.10-12.2.GA_CP04.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-federation-2.1.5-3.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-idp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-pdp-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-quickstarts-sts-2.1.5-1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-examples-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-javadoc-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-manual-1.2.1-18.CP02_patch02.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-ewp-docs-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-ewp-docs-examples-5.2.0-6.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-common-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-client-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-comm-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-domain-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-gui-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-native-system-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-api-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-plugin-container-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-core-util-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jboss-as-common-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-jmx-plugin-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-modules-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-platform-plugin-3.0.0-14.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhq-plugins-parent-3.0.0-21.EmbJopr5.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-agent-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-all-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-aop-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-beans-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-context-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"spring2-core-2.5.6-9.SEC03.1.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wss4j-1.5.12-4.1_patch_02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xerces-j2-scripts-2.9.1-10.patch02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.1-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.2-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-jaxp-1.3-apis-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver12-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which10-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-which11-1.3.04-8.2_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-security-1.5.1-2.ep5.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aopalliance / apache-cxf / bsh2 / bsh2-bsf / glassfish-jaxb / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:23", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2504-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJune 28, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libspring-2.5-java\nVulnerability : information disclosure\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2730\nDebian Bug : 677814\n\nIt was discovered that the Spring Framework contains an information\ndisclosure vulnerability in the processing of certain Expression\nLanguage (EL) patterns, allowing attackers to access sensitive\ninformation using HTTP requests.\n\nNOTE: This update adds a springJspExpressionSupport context parameter\nwhich must be manually set to false when the Spring Framework runs\nunder a container which provides EL support itself.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.6.SEC02-2+squeeze1.\n\nWe recommend that you upgrade your libspring-2.5-java packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-06-28T18:10:38", "published": "2012-06-28T18:10:38", "id": "DEBIAN:DSA-2504-1:AEED7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00144.html", "title": "[SECURITY] [DSA 2504-1] libspring-2.5-java security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:51", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libspring-2.5-java\nannounced via advisory DSA 2504-1.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71483", "id": "OPENVAS:71483", "title": "Debian Security Advisory DSA 2504-1 (libspring-2.5-java)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2504_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2504-1 (libspring-2.5-java)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Spring Framework contains an information\ndisclosure vulnerability in the processing of certain Expression\nLanguage (EL) patterns, allowing attackers to access sensitive\ninformation using HTTP requests.\n\nNOTE: This update adds a springJspExpressionSupport context parameter\nwhich must be manually set to false when the Spring Framework runs\nunder a container which provides EL support itself.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.6.SEC02-2+squeeze1.\n\nWe recommend that you upgrade your libspring-2.5-java packages.\";\ntag_summary = \"The remote host is missing an update to libspring-2.5-java\nannounced via advisory DSA 2504-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202504-1\";\n\nif(description)\n{\n script_id(71483);\n script_cve_id(\"CVE-2011-2730\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:07:37 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2504-1 (libspring-2.5-java)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libspring-aop-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-aspects-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-beans-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-context-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-context-support-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-core-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-jdbc-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-jms-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-orm-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-test-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-tx-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-web-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-webmvc-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-webmvc-portlet-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-webmvc-struts-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libspring-2.5-java\nannounced via advisory DSA 2504-1.", "modified": "2018-04-06T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071483", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071483", "title": "Debian Security Advisory DSA 2504-1 (libspring-2.5-java)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2504_1.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from advisory DSA 2504-1 (libspring-2.5-java)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Spring Framework contains an information\ndisclosure vulnerability in the processing of certain Expression\nLanguage (EL) patterns, allowing attackers to access sensitive\ninformation using HTTP requests.\n\nNOTE: This update adds a springJspExpressionSupport context parameter\nwhich must be manually set to false when the Spring Framework runs\nunder a container which provides EL support itself.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.6.SEC02-2+squeeze1.\n\nWe recommend that you upgrade your libspring-2.5-java packages.\";\ntag_summary = \"The remote host is missing an update to libspring-2.5-java\nannounced via advisory DSA 2504-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202504-1\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71483\");\n script_cve_id(\"CVE-2011-2730\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:07:37 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2504-1 (libspring-2.5-java)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libspring-aop-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-aspects-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-beans-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-context-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-context-support-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-core-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-jdbc-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-jms-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-orm-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-test-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-tx-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-web-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-webmvc-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-webmvc-portlet-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspring-webmvc-struts-2.5-java\", ver:\"2.5.6.SEC02-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:45:43", "bulletinFamily": "unix", "description": "Security:\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. (CVE-2011-2730)\n\nNote: Manual action is required to apply the fix for CVE-2011-2730. If your\nsystem has deployed applications which use Spring framework, the context\nparameter \"springJspExpressionSupport\" must be set to \"false\" to mitigate\nthis flaw, for example, in the application's web.xml file. This will\nprevent the double-evaluation of EL expressions that led to this flaw.\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in JRuby. An attacker able to supply a large number of\ninputs to a JRuby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, the Murmur\nhash function has been replaced with the Perl hash function.\n(CVE-2012-5370)\n\nNote: JBoss Enterprise SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2012-5370 flaw\nis not exposed unless the version of JRuby shipped with that quickstart is\nused by a deployed, custom application.\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum\nfor reporting CVE-2011-2487, and Tyler Krpata for reporting CVE-2011-4575.\nThe CVE-2012-3370 and CVE-2012-3369 issues were discovered by Carlo de Wolf\nof Red Hat; CVE-2012-5478 was discovered by Derek Horton of Red Hat; and \nCVE-2012-0874 was discovered by David Jorm of the Red Hat Security Response\nTeam.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise SOA Platform 5.3.0 as provided from the Red\nHat Customer Portal are advised to upgrade to JBoss Enterprise SOA Platform\n5.3.1.\n", "modified": "2017-07-25T00:13:52", "published": "2013-02-20T05:00:00", "id": "RHSA-2013:0533", "href": "https://access.redhat.com/errata/RHSA-2013:0533", "type": "redhat", "title": "(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-06T23:50:58", "bulletinFamily": "unix", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "modified": "2018-06-07T02:37:45", "published": "2013-01-24T05:00:00", "id": "RHSA-2013:0194", "href": "https://access.redhat.com/errata/RHSA-2013:0194", "type": "redhat", "title": "(RHSA-2013:0194) Important: JBoss Enterprise Application Platform 5.2.0 update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T21:10:38", "bulletinFamily": "unix", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "modified": "2018-06-07T02:39:14", "published": "2013-01-24T05:00:00", "id": "RHSA-2013:0198", "href": "https://access.redhat.com/errata/RHSA-2013:0198", "type": "redhat", "title": "(RHSA-2013:0198) Important: JBoss Enterprise Web Platform 5.2.0 update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T22:57:55", "bulletinFamily": "unix", "description": "Security fixes:\n\nAn attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if no\nsecurity context was provided. Depending on the deployed applications, this\ncould possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific roles\ndid not actually restrict access, allowing remote attackers with valid JMX\nInvoker credentials to perform JMX operations accessible to roles they are\nnot a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nIt was found that NonManagedConnectionFactory would log the username and\npassword in plain text when an exception was thrown. This could lead to the\nexposure of authentication credentials if local users had permissions to\nread the log file. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487, and Tyler Krpata for reporting\nCVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de\nWolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; and\nCVE-2012-0874 was discovered by David Jorm of the Red Hat Security Response\nTeam.\n", "modified": "2017-07-25T00:13:43", "published": "2013-01-31T05:00:00", "id": "RHSA-2013:0221", "href": "https://access.redhat.com/errata/RHSA-2013:0221", "type": "redhat", "title": "(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:45:40", "bulletinFamily": "unix", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "modified": "2016-04-04T18:31:19", "published": "2013-01-24T05:00:00", "id": "RHSA-2013:0192", "href": "https://access.redhat.com/errata/RHSA-2013:0192", "type": "redhat", "title": "(RHSA-2013:0192) Important: JBoss Enterprise Application Platform 5.2.0 update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:41", "bulletinFamily": "unix", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "modified": "2018-06-07T02:39:14", "published": "2013-01-24T05:00:00", "id": "RHSA-2013:0195", "href": "https://access.redhat.com/errata/RHSA-2013:0195", "type": "redhat", "title": "(RHSA-2013:0195) Important: JBoss Enterprise Web Platform 5.2.0 update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:33", "bulletinFamily": "unix", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "modified": "2016-04-04T18:31:35", "published": "2013-01-24T05:00:00", "id": "RHSA-2013:0196", "href": "https://access.redhat.com/errata/RHSA-2013:0196", "type": "redhat", "title": "(RHSA-2013:0196) Important: JBoss Enterprise Web Platform 5.2.0 update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:09", "bulletinFamily": "unix", "description": "An attack technique against the W3C XML Encryption Standard when block\nciphers were used in CBC mode could allow a remote attacker to conduct\nchosen-ciphertext attacks, leading to the recovery of the entire plain text\nof a particular cryptogram. (CVE-2011-1096)\n\nJBoss Web Services leaked side-channel data when distributing symmetric\nkeys (for XML encryption), allowing a remote attacker to recover the entire\nplain text form of a symmetric key. (CVE-2011-2487)\n\nSpring framework could possibly evaluate Expression Language (EL)\nexpressions twice, allowing a remote attacker to execute arbitrary code in\nthe context of the application server, or to obtain sensitive information\nfrom the server. Manual action is required to apply this fix. Refer to the\nSolution section. (CVE-2011-2730)\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. Refer to the Solution section for details.\n(CVE-2012-2379)\n\nWhen an application used FORM authentication, along with another component\nthat calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. (CVE-2012-3546)\n\nThe JMX Console was vulnerable to CSRF attacks, allowing a remote attacker\nto hijack the authenticated JMX Console session of an administrator.\n(CVE-2011-2908)\n\nAn XSS flaw allowed a remote attacker to perform an XSS attack against\nvictims using the JMX Console. (CVE-2011-4575)\n\nSecurityAssociation.getCredential() returned the previous credential if\nno security context was provided. Depending on the deployed applications,\nthis could possibly allow a remote attacker to hijack the credentials of a\npreviously-authenticated user. (CVE-2012-3370)\n\nConfiguring the JMX Invoker to restrict access to users with specific\nroles did not actually restrict access, allowing remote attackers with\nvalid JMX Invoker credentials to perform JMX operations accessible to\nroles they are not a member of. (CVE-2012-5478)\n\ntwiddle.sh accepted credentials as command line arguments, allowing local\nusers to view them via a process listing. (CVE-2009-5066)\n\nNonManagedConnectionFactory logged the username and password in plain text\nwhen an exception was thrown. This could lead to the exposure of\nauthentication credentials if local users had permissions to read the log\nfile. (CVE-2012-0034)\n\nThe JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow\nunauthenticated access by default in some profiles. The security\ninterceptor's second layer of authentication prevented direct exploitation\nof this flaw. If the interceptor was misconfigured or inadvertently\ndisabled, this flaw could lead to arbitrary code execution in the context\nof the user running the JBoss server. (CVE-2012-0874)\n\nThe JGroups diagnostics service was enabled with no authentication when a\nJGroups channel was started, allowing attackers on the adjacent network to\nread diagnostic information. (CVE-2012-2377)\n\nCallerIdentityLoginModule retained the password from the previous call if a\nnull password was provided. In non-default configurations this could\npossibly lead to a remote attacker hijacking a previously-authenticated\nuser's session. (CVE-2012-3369)\n\nRed Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for\nreporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for\nreporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.\nCVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red\nHat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874\ndiscovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by\nRed Hat.\n", "modified": "2018-06-07T02:37:46", "published": "2013-01-24T05:00:00", "id": "RHSA-2013:0191", "href": "https://access.redhat.com/errata/RHSA-2013:0191", "type": "redhat", "title": "(RHSA-2013:0191) Important: JBoss Enterprise Application Platform 5.2.0 update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:54", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-07-18T00:00:00", "published": "2018-03-20T00:00:00", "id": "ORACLE:CPUJUL2017-3236622", "href": "", "title": "Oracle Critical Patch Update - July 2017", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}