SB2018042609 - Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform



Published: April 26, 2018

Security Bulletin ID: SB2018042609
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Path traversal (CVE-ID: CVE-2018-1047)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method due to path traversal. A remote attacker can gain access to arbitrary local files.

2) HTTP response splitting (CVE-ID: CVE-2018-1067)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Undertow web server due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
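
The header-value weakness described above, shown as an added example (not Undertow or JBoss EAP code; the class name, method names and sample inputs are constructed for illustration): a header line built from unchecked input, beside a form that rejects CR, LF and other control characters before the value reaches the response.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Undertow or JBoss EAP code. All names here are hypothetical.
public class HeaderSplittingDemo {

    // Unsafe: caller-supplied text is copied into the header value unchanged,
    // so an embedded CR/LF ends the header line and starts a new one.
    static String unsafeHeaderLine(String name, String value) {
        return name + ": " + value + "\r\n";
    }

    // Hardened: refuse any value containing CR, LF or another control character
    // (horizontal tab is permitted inside field values).
    static String safeHeaderLine(String name, String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if ((c < 0x20 && c != '\t') || c == 0x7f) {
                throw new IllegalArgumentException(
                    "control character 0x" + Integer.toHexString(c) + " in header " + name);
            }
        }
        return name + ": " + value + "\r\n";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign, one carrying a CR/LF pair.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("benign", "/account/home");
        samples.put("split", "/account/home\r\nX-Constructed: 1");

        for (Map.Entry<String, String> e : samples.entrySet()) {
            String unsafe = unsafeHeaderLine("Location", e.getValue());
            // Count the header lines the unsafe form would put on the wire.
            int lines = unsafe.split("\r\n").length;
            System.out.println(e.getKey() + ": unsafe form emits " + lines + " header line(s)");
            try {
                safeHeaderLine("Location", e.getValue());
                System.out.println(e.getKey() + ": accepted by hardened form");
            } catch (IllegalArgumentException ex) {
                System.out.println(e.getKey() + ": rejected (" + ex.getMessage() + ")");
            }
        }
    }
}
```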

3) Improper access control (CVE-ID: CVE-2018-8088)

The vulnerability allows a remote unauthenticated attacker to bypass access restrictions on the target system.

The weakness exists in the org.slf4j.ext.EventData class due to improper security restrictions. A remote attacker can send specially crafted input, bypass access restrictions and gain unauthorized access to perform further attacks.

4) Information disclosure (CVE-ID: CVE-2016-4993)

The disclosed vulnerability allows a remote attacker to disclose potentially sensitive data.

The vulnerability is caused by a parsing error when handling specially crafted URLs. A remote attacker can trigger the application to return a split query, which can lead to content spoofing and cache poisoning attacks.

Successful exploitation of this vulnerability may allow a remote attacker to get access to potentially sensitive information or perform phishing attacks.


Remediation

Install the update from the vendor's website.