- CVEs with nessus.description ==

  Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP07.

  This update has been rated as having important security impact by the Red Hat Security Response Team.

  JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution.

  This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP06.

  These updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section of this errata.

  The following security issues are also fixed with this release:

  It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially crafted requests that would cause an information leak. (CVE-2008-5515)

  It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute-force methods) usernames registered with applications deployed on JBossWeb when FORM-based authentication was used. (CVE-2009-0580)

  It was discovered that web applications containing their own XML parsers could replace the XML parser JBossWeb uses to parse configuration files. A malicious web application running on a JBossWeb instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same JBossWeb instance. (CVE-2009-0783)

  Warning: before applying this update, please back up the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.

  All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |