Executive Summary
Summary | |
---|---|
Title | Red Hat JBoss Enterprise Application Platform 7.2.0 security update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:0136 | First vendor Publication | 2019-01-22 |
Vendor | RedHat | Last vendor Modification | 2019-01-22 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.2.0, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.2 for RHEL 6 Server - i386, noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.2 on Red Hat Enterprise Linux 6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References. Security Fix(es): * picketlink: SAML request parser replaces special strings with system properties (CVE-2017-2582) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat). 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-0136.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3217.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3218.nasl - Type : ACT_GATHER_INFO |
2017-11-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3219.nasl - Type : ACT_GATHER_INFO |
2017-09-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2808.nasl - Type : ACT_GATHER_INFO |
2017-09-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2809.nasl - Type : ACT_GATHER_INFO |
2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2811.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2019-01-29 21:18:37 |
|