Executive Summary

Summary
Title Red Hat JBoss Enterprise Application Platform 7.2.0 security update
Informations
Name RHSA-2019:0137 First vendor Publication 2019-01-22
Vendor RedHat Last vendor Modification 2019-01-22
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.2.0, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64

3. Description:

This enhancement adds the new Red Hat JBoss Enterprise Application Platform 7.2.0 packages to Red Hat Enterprise Linux 7.

This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.0 Release Notes for information on the most significant bug fixes and enhancements included in this release.

All users of Red Hat JBoss Enterprise Application Platform 7.1 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

* picketlink: picketlink-bindings: The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml (CVE-2017-2582)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat).

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-0137.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

Nessus® Vulnerability Scanner

Date Description
2017-11-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3217.nasl - Type : ACT_GATHER_INFO
2017-11-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3218.nasl - Type : ACT_GATHER_INFO
2017-11-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3219.nasl - Type : ACT_GATHER_INFO
2017-09-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2808.nasl - Type : ACT_GATHER_INFO
2017-09-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2809.nasl - Type : ACT_GATHER_INFO
2017-09-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2811.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2019-01-29 21:18:37
  • First insertion