(RHSA-2018:1607) Critical: Red Hat JBoss Enterprise Application Platform 5.2 security update

2018-05-1718:11:20

access.redhat.com

134

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.938

Percentile

99.2%

JSON

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0.

Security Fix(es):

jbossas: Arbitrary code execution via unrestricted deserialization in ReadOnlyAccessFilter of HTTP Invoker. (CVE-2017-12149)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Joao F M Figueiredo for reporting this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchjbossas< 5.2.0-24.ep5.el6jbossas-5.2.0-24.ep5.el6.noarch.rpm
RedHat5noarchjbossas-ws-native< 5.2.0-24.ep5.el5jbossas-ws-native-5.2.0-24.ep5.el5.noarch.rpm
RedHat6noarchjbossas-messaging< 5.2.0-24.ep5.el6jbossas-messaging-5.2.0-24.ep5.el6.noarch.rpm
RedHat6noarchjbossas-client< 5.2.0-24.ep5.el6jbossas-client-5.2.0-24.ep5.el6.noarch.rpm
RedHat5noarchjbossas-client< 5.2.0-24.ep5.el5jbossas-client-5.2.0-24.ep5.el5.noarch.rpm
RedHat6noarchjbossas-ws-native< 5.2.0-24.ep5.el6jbossas-ws-native-5.2.0-24.ep5.el6.noarch.rpm
RedHat5noarchjbossas-messaging< 5.2.0-24.ep5.el5jbossas-messaging-5.2.0-24.ep5.el5.noarch.rpm
RedHat5noarchjbossas< 5.2.0-24.ep5.el5jbossas-5.2.0-24.ep5.el5.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	jbossas	< 5.2.0-24.ep5.el6	jbossas-5.2.0-24.ep5.el6.noarch.rpm
RedHat	5	noarch	jbossas-ws-native	< 5.2.0-24.ep5.el5	jbossas-ws-native-5.2.0-24.ep5.el5.noarch.rpm
RedHat	6	noarch	jbossas-messaging	< 5.2.0-24.ep5.el6	jbossas-messaging-5.2.0-24.ep5.el6.noarch.rpm
RedHat	6	noarch	jbossas-client	< 5.2.0-24.ep5.el6	jbossas-client-5.2.0-24.ep5.el6.noarch.rpm
RedHat	5	noarch	jbossas-client	< 5.2.0-24.ep5.el5	jbossas-client-5.2.0-24.ep5.el5.noarch.rpm
RedHat	6	noarch	jbossas-ws-native	< 5.2.0-24.ep5.el6	jbossas-ws-native-5.2.0-24.ep5.el6.noarch.rpm
RedHat	5	noarch	jbossas-messaging	< 5.2.0-24.ep5.el5	jbossas-messaging-5.2.0-24.ep5.el5.noarch.rpm
RedHat	5	noarch	jbossas	< 5.2.0-24.ep5.el5	jbossas-5.2.0-24.ep5.el5.noarch.rpm