Red Hat update for Red Hat JBoss Enterprise Application Platform 6.4.21



Published: 2018-09-24
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2017-2582
CVE-2017-7536
CVE-2018-13366
CVE-2018-1336
CVE-2018-10237
CWE-ID CWE-200
CWE-264
CWE-835
CWE-789
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
JBoss Enterprise Application Platform
Server applications / Application servers

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU14267

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2582

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the StaxParserUtil class of the Picketlink feature due to improper parsing of Security Assertion Markup Language (SAML) messages. A remote attacker can send a specially crafted SAML request that submits malicious input and access sensitive information, such as values of system properties.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 6.4.0

External links

http://access.redhat.com/errata/RHSA-2018:2742


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU9130

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7536

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to the security manager's reflective permissions are granted to Hibernate Validator. A local attacker can allow the calling code to access private members without the permission, validate an invalid instance, access the private member value via ConstraintViolation#getInvalidValue() and gain execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 6.4.0

External links

http://access.redhat.com/errata/RHSA-2018:2742


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU16173

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13366

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote to obtain potentially sensitive information.

The weakness exists due to Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol. A remote attacker can gain access to arbitrary data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 6.4.0

External links

http://access.redhat.com/errata/RHSA-2018:2742


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU13986

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1336

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handing of overflow in the UTF-8 decoder with supplementary characters. A remote attacker can send trigger an infinite loop in the decoder and cause the service to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 6.4.0

External links

http://access.redhat.com/errata/RHSA-2018:2742


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Uncontrolled memory allocation

EUVDB-ID: #VU12886

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10237

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to unbounded memory allocation. A remote attacker can cause the service to crash and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 6.4.0

External links

http://access.redhat.com/errata/RHSA-2018:2742


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###