CVEs with nessus.description==Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various security issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP02.

This update has been rated as having low security impact by the Red Hat Security Response Team.

JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution.

This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.3.0.CP01.

These updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section.

The following security issues are also fixed with this release:

The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)

The property that controls the download of server classes was set to 'true' in the 'production' configuration. When the class download service is bound to an external interface, a remote attacker was able to download arbitrary class files from the server class path. (CVE-2008-3519)

Warning: before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.

All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages, which resolve these issues
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |