Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:0459
HistoryApr 30, 2014 - 6:58 p.m.

(RHSA-2014:0459) Important: Red Hat JBoss Fuse Service Works 6.0.0 security update

2014-04-3018:58:30
access.redhat.com
23

0.478 Medium

EPSS

Percentile

97.5%

JSON

Red Hat JBoss Fuse Service Works is the next-generation ESB and business
process automation infrastructure. Red Hat JBoss Fuse Service Works allows
IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and
future (EDA and CEP) integration methodologies to dramatically improve
business process execution speed and quality.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse
Service Works 6.0.0. It includes various bug fixes, which are listed in the
README file included with the patch files.

The following security issues are also fixed with this release:

It was found that the Apache Camel XSLT component allowed XSL stylesheets
to call external Java methods. A remote attacker able to submit messages to
a Camel route could use this flaw to perform arbitrary remote code
execution in the context of the Camel server process. (CVE-2014-0003)

It was found that when JBoss Web processed a series of HTTP requests in
which at least one request contained either multiple content-length
headers, or one content-length header with a chunked transfer-encoding
header, JBoss Web would incorrectly handle the request. A remote attacker
could use this flaw to poison a web cache, perform cross-site scripting
(XSS) attacks, or obtain sensitive information from other requests.
(CVE-2013-4286)

It was found that the Apache Camel XSLT component would resolve entities in
XML messages when transforming them using an XSLT route. A remote attacker
able to submit messages to an XSLT Camel route could use this flaw to read
files accessible to the user running the application server and,
potentially, perform other more advanced XML External Entity (XXE) attacks.
(CVE-2014-0002)

A denial of service flaw was found in the way Apache Commons FileUpload,
which is embedded in the JBoss Web component of JBoss EAP, handled
small-sized buffers used by MultipartStream. A remote attacker could use
this flaw to create a malformed Content-Type header for a multipart
request, causing JBoss Web to enter an infinite loop when processing such
an incoming request. (CVE-2014-0050)

The CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of
the Red Hat Security Response Team.

All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this roll up patch.

Related

redhat 18
oraclelinux 2
openvas 31
nessus 33
centos 1
amazon 2
ubuntu 1
debian 2
securityvulns 5
ibm 33
seebug 6
cvelist 4
github 4
checkpoint_advisories 3
nvd 5
cve 5
ubuntucve 3
osv 5
prion 5
atlassian 3
debiancve 2
veracode 3
f5 2
exploitpack 1
mageia 4
jvn 1
fedora 3
tomcat 4
zdt 1
suse 1
exploitdb 1
vmware 2
gentoo 1
threatpost 1
huawei 1
redhat
redhat
(RHSA-2014:0452) Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update
2014-04-30 00:00:00
(RHSA-2014:0323) Important: Red Hat JBoss Fuse/A-MQ 6.0.0 security update
2014-03-24 17:55:48
(RHSA-2014:0429) Moderate: tomcat6 security update
2014-04-23 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-0429)
2015-10-06 00:00:00
RedHat Update for tomcat6 RHSA-2014:0429-01
2014-05-02 00:00:00
Ubuntu Update for tomcat7 USN-2130-1
2014-03-12 00:00:00
nessus
nessus
RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)
2014-06-26 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)
2014-03-07 00:00:00
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140423)
2014-04-24 00:00:00
centos
centos
tomcat6 security update
2014-04-23 19:07:14
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
Medium: tomcat7
2014-03-24 23:36:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update
2014-02-07 22:59:08
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
2014-03-31 00:00:00
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
2014-02-28 00:00:00
ibm
ibm
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-4286)
2018-06-17 04:53:14
Security Bulletin: Open Source Apache Tomcat - 4 issues (CVE-2013-4286) for RAF
2018-06-17 04:55:52
Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-17 22:31:46
seebug
seebug
Apache Camel远程代码执行漏洞(CVE-2014-0003)
2014-03-04 00:00:00
Apache Camel XSLT XML外部实体漏洞(CVE-2014-0002)
2014-03-05 00:00:00
Apache Commons FileUpload/Apache Tomcat拒绝服务漏洞
2014-02-13 00:00:00
cvelist
cvelist
CVE-2014-0003
2014-03-20 19:00:00
CVE-2014-0002
2014-03-20 19:00:00
CVE-2014-0050
2014-03-28 19:00:00
github
github
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
2018-10-16 23:13:49
Apache Camel's XSLT component allows remote attackers to read arbitrary files
2018-10-16 23:13:26
Commons FileUpload Denial of service vulnerability
2018-12-21 17:51:42
checkpoint_advisories
checkpoint_advisories
Apache Camel XSLT Component Java Code Execution (CVE-2014-0003)
2014-10-22 00:00:00
Apache Camel XSLT Component XML External Entity (CVE-2014-0002)
2014-04-03 00:00:00
Apache Tomcat FileUpload Content-Type Header Infinite Loop (CVE-2014-0050)
2014-03-16 00:00:00
nvd
nvd
CVE-2014-0003
2014-03-21 04:38:59
CVE-2014-0050
2014-04-01 06:27:51
CVE-2014-0002
2014-03-21 04:38:59
cve
cve
CVE-2014-0003
2014-03-21 04:38:59
CVE-2014-0002
2014-03-21 04:38:59
CVE-2014-0050
2014-04-01 06:27:51
ubuntucve
ubuntucve
CVE-2014-0003
2014-03-21 00:00:00
CVE-2014-0050
2014-02-07 00:00:00
CVE-2013-4286
2014-02-26 00:00:00
osv
osv
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
2018-10-16 23:13:49
Apache Camel's XSLT component allows remote attackers to read arbitrary files
2018-10-16 23:13:26
Commons FileUpload Denial of service vulnerability
2018-12-21 17:51:42
prion
prion
Design/Logic Flaw
2014-03-21 04:38:00
Xxe
2014-03-21 04:38:00
Design/Logic Flaw
2014-04-01 06:27:00
atlassian
atlassian
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
debiancve
debiancve
CVE-2014-0050
2014-04-01 06:27:51
CVE-2013-4286
2014-02-26 14:55:00
veracode
veracode
Denial Of Service (DoS) By An Infinite Loop Causing CPU Consumption
2019-01-15 08:58:15
Authorization Bypass
2019-05-02 05:02:08
Request-smuggling Attacks
2019-01-15 08:59:20
f5
f5
SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050
2014-04-18 00:00:00
K15189 : Apache Commons FileUpload vulnerability CVE-2014-0050
2015-08-15 00:00:00
exploitpack
exploitpack
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
mageia
mageia
Updated apache-commons-fileupload package fixes CVE-2014-0050
2014-02-28 22:57:52
Updated tomcat packages fix CVE-2014-0050
2014-02-28 22:59:29
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
jvn
jvn
JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
2014-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20
2014-02-17 21:06:10
[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19
2014-02-17 21:07:04
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
tomcat
tomcat
Fixed in Apache Tomcat 8.0.3
2014-02-11 00:00:00
Fixed in Apache Tomcat 7.0.52
2014-02-17 00:00:00
Fixed in Apache Tomcat 7.0.47
2013-10-24 00:00:00
zdt
zdt
Apache Commons FileUpload and Apache Tomcat Denial of Service
2014-02-12 00:00:00
suse
suse
Security update for jakarta-commons-fileupload (important)
2014-04-17 21:04:15
exploitdb
exploitdb
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
vmware
vmware
VMware product updates address security vulnerabilities in Apache Struts library
2014-06-24 00:00:00
VMware product updates address security vulnerabilities in Apache Struts library
2014-06-24 00:00:00
gentoo
gentoo
Apache Commons FileUpload: Multiple vulnerabilities
2021-07-17 00:00:00
threatpost
threatpost
VMware Patches Apache Struts Flaws in vCOPS
2014-06-25 13:59:49
huawei
huawei
Security Advisory-Apache Struts2 vulnerability on Huawei multiple products
2014-07-07 00:00:00

0.478 Medium

EPSS

Percentile

97.5%

JSON
Related for RHSA-2014:0459
redhat18oraclelinux2openvas31nessus33centos1amazon2ubuntu1debian2securityvulns5ibm33seebug6cvelist4github4checkpoint_advisories3nvd5cve5ubuntucve3osv5prion5atlassian3debiancve2veracode3f52exploitpack1mageia4jvn1fedora3tomcat4zdt1suse1exploitdb1vmware2gentoo1threatpost1huawei1