Red Hat update for Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8



Published: 2019-10-01
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2019-10184
CVE-2019-10202
CVE-2019-10212
CVE-2019-12086
CVE-2019-12384
CVE-2019-12814
CVE-2019-14379
CWE-ID CWE-200
CWE-20
CWE-532
CWE-502
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerable software
Subscribe
JBoss Enterprise Application Platform
Server applications / Application servers

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Directory listing

EUVDB-ID: #VU20067

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10184

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect handling of requests without trailing slashes in the api. A remote attacker can send a specially crafted HTTP request to the affected server and predict directory structure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU21470

Risk: High

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-10202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to incorrect implementation of patch for Codehaus 1.9.x against insufficient data deserialization present in FasterXML jackson-databind. A remote attacker can bypass implemented protection measures and exploit known deserialization vulnerabilities in jackson-databind package.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU21469

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10212

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in Undertow DEBUG log implementation for io.undertow.request.security that stored user's credentials in plain text in a world-readable file. A local user can view contents of the debug file and gain access to login and passwords of Undertow users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU19941

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-12086

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a polymorphic typing issue when Default Typing is enabled for an externally exposed JSON endpoint and the service has the mysql-connector-java jar in the classpath. A remote attacker can send a specially crafted JSON message and read arbitrary local files on the server due to the missing "com.mysql.cj.jdbc.admin.MiniAdmin" validation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Deserialization of Untrusted Data

EUVDB-ID: #VU19018

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12384

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to software allows the logback-core class to process polymorphic deserialization. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU18961

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12814

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to access sensitive information on a targeted system.

The vulnerability exist due to a polymorphic typing issue when Default Typing is enabled. A remote attacker can send a crafted JSON message that submits malicious input and gain access to sensitive information on the targeted system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU19933

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14379

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists due to the "SubTypeValidator.java" file mishandles default typing when Ehcache is used. A remote attacker can send a request that submits malicious input to the targeted system and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 7.2.0 - 7.2.3

External links

http://access.redhat.com/errata/RHSA-2019:2937


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###