Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 7 update for eap7-jboss-ec2-eap



Published: 2018-03-12
Risk High
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2017-12174
CVE-2017-12196
CVE-2017-15089
CVE-2017-15095
CVE-2017-17485
CVE-2017-7525
CVE-2017-7561
CVE-2018-1048
CVE-2018-5968
CWE-ID CWE-400
CWE-300
CWE-502
CWE-20
CWE-444
CWE-22
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
eap7-jboss-ec2-eap (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Heap memory exhaustion

EUVDB-ID: #VU10382

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12174

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The weakness exists due to heap memory exhaustion. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-middle attack

EUVDB-ID: #VU12802

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12196

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because the server does not ensure that the URI value in the Authorization header matches the URI in the HTTP request line when Digest authentication is used. A remote attacker can conduct a man-in-the-middle attack and gain access to potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
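
The consistency check that the description of vulnerability #2 says was missing, shown as an added example: it is not code from the advisory or from Undertow, and the parser and the method names are assumed for illustration. The server must compare the quoted uri directive of the Digest Authorization header with the request-target before it verifies the response hash; otherwise a header captured for one resource can be replayed against another.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DigestUriCheck {
    // One auth-param: name=token or name="quoted-string", comma separated
    // (the Digest challenge/response syntax of RFC 7616, section 3.4).
    private static final Pattern PARAM =
        Pattern.compile("([A-Za-z0-9_-]+)\\s*=\\s*(?:\"([^\"]*)\"|([^,\\s]+))");

    // Parse the parameter list of a "Digest ..." Authorization header value.
    // Returns an empty map for a missing header or a non-Digest scheme.
    static Map<String, String> parseDigestParams(String headerValue) {
        Map<String, String> out = new HashMap<>();
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Digest ", 0, 7)) {
            return out;
        }
        Matcher m = PARAM.matcher(headerValue.substring(7));
        while (m.find()) {
            String value = m.group(2) != null ? m.group(2) : m.group(3);
            out.put(m.group(1).toLowerCase(), value);
        }
        return out;
    }

    // The check itself: the URI the client hashed into its response must be
    // the URI this request is actually for. A missing uri directive fails too.
    static boolean uriMatchesRequestTarget(String requestTarget, String authorization) {
        String signed = parseDigestParams(authorization).get("uri");
        return signed != null && signed.equals(requestTarget);
    }

    public static void main(String[] args) {
        // Constructed header; nonce and response are placeholders, not real values.
        String hdr = "Digest username=\"alice\", realm=\"app\", nonce=\"PLACEHOLDER\", "
                   + "uri=\"/account/alice\", response=\"PLACEHOLDER\"";
        System.out.println("same target:      " + uriMatchesRequestTarget("/account/alice", hdr));
        System.out.println("different target: " + uriMatchesRequestTarget("/account/bob", hdr));
    }
}
```

The comparison belongs before the hash verification, since a header whose uri directive does not match cannot have been produced for this request.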

3) Deserialization of untrusted data

EUVDB-ID: #VU10576

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15089

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists because data read from the cache is deserialized unsafely. A remote attacker can inject specially crafted serialized objects into the data cache and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Remote code execution

EUVDB-ID: #VU9607

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the jackson-databind library due to an improperly implemented blacklist for input handled by the readValue method of the ObjectMapper object. A remote unauthenticated attacker can send malicious input and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deserialization of untrusted data

EUVDB-ID: #VU10257

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-17485

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the FasterXML jackson-databind library due to improper validation of user input handled by the readValue method of the ObjectMapper object. A remote attacker can send malicious input to the vulnerable method of a web application that has the Spring library on its classpath and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Deserialization of untrusted data

EUVDB-ID: #VU9128

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-7525

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send a specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with privileges of the target service.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
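
Vulnerabilities #4 to #6 all come from the same jackson-databind pattern: polymorphic default typing lets the JSON document name the class to instantiate, and the library tried to keep that safe with a blacklist of known gadget classes. The added example below, which is not code from the advisory, Red Hat or the Jackson project, shows that configuration next to the allow-list configuration jackson-databind 2.10 introduced; the Shape and Circle types are assumed for illustration.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class JacksonTypingDemo {
    // Illustrative polymorphic model, assumed for this example (not from the advisory).
    public interface Shape { double area(); }
    public static class Circle implements Shape {
        public double r;
        public double area() { return Math.PI * r * r; }
    }

    // Vulnerable pattern: global default typing with no restriction on which
    // classes a document may name, so any class on the classpath is a
    // candidate; the per-class blacklists of the CVEs above chased that.
    @SuppressWarnings("deprecation")
    static ObjectMapper unrestrictedMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Hardened pattern (jackson-databind 2.10+): default typing only behind an
    // allow-list, so a type id outside it is rejected before any constructor runs.
    static ObjectMapper restrictedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfBaseType(Shape.class)
                .allowIfSubType(Circle.class)
                .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input naming an allowed subtype (Jackson's wrapper-array form).
        String ok = "[\"" + Circle.class.getName() + "\",{\"r\":2.0}]";
        Shape s = restrictedMapper().readValue(ok, Shape.class);
        System.out.println("accepted Circle, area = " + s.area());

        // Constructed input naming a type outside the allow-list; a harmless JDK
        // class stands in for the gadget classes the CVEs concern.
        String other = "[\"java.util.ArrayList\",[1,2]]";
        try {
            restrictedMapper().readValue(other, Object.class);
        } catch (InvalidTypeIdException e) {
            System.out.println("rejected by allow-list: " + e.getOriginalMessage());
        }
    }
}
```

Upgrading the library, as the advisory says, remains the fix for the listed CVEs; the allow-list removes the class of bug rather than waiting for the next blacklist entry.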

7) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU38291

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7561

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Red Hat JBoss EAP versions from 3.0.7 up to but not including 4.0.0.Beta1 are vulnerable to server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Path traversal

EUVDB-ID: #VU37591

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1048

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

It was found that the AJP connector in Undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows encoded slash and backslash characters in the URL, which may lead to path traversal and the disclosure of arbitrary local files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Deserialization of untrusted data

EUVDB-ID: #VU10610

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5968

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a deserialization flaw. A remote attacker can supply specially crafted input that bypasses a blacklist and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eap7-jboss-ec2-eap (Red Hat package): before 7.1.1-3.1.GA_redhat_3.ep7.el7

External links

http://access.redhat.com/errata/RHSA-2018:0481


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


