The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat JBoss Enterprise Application Platform

computer vulnerability bulletin CVE-2012-4558

Apache httpd: Cross Site Scripting of mod_proxy_balancer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, NSMXpress, MBS, MES, Mandriva Linux, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-286, CVE-2012-4558, DSA-2637-1, FEDORA-2013-4541, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, VIGILANCE-VUL-12458.

Description of the vulnerability

The Apache httpd mod_proxy_balancer module is used to balance the load between several mod_proxy services.

However, the manager interface of this module does not correctly validate received data before displaying it in the generated web document.

An attacker can therefore trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.

computer vulnerability announce CVE-2012-3499

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting vulnerabilities in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, HP-UX, NSMXpress, MBS, MES, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, c03734195, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2012-3499, DSA-2637-1, FEDORA-2013-4541, HPSBUX02866, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, SSRT101139, VIGILANCE-VUL-12457.

Description of the vulnerability

The Apache httpd service can use several modules.

However, the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules do not correctly validate received data before displaying it in the generated web document.

An attacker can therefore trigger several Cross Site Scripting vulnerabilities in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.

computer vulnerability alert CVE-2013-1821

Ruby: denial of service of REXML via entities

Synthesis of the vulnerability

An attacker can transmit malicious XML data to a Ruby REXML application, in order to force it to allocate large memory resources.
Impacted products: Debian, Fedora, MBS, MES, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 22/02/2013.
Identifiers: BID-58141, bulletinjul2015, CVE-2013-1821, DSA-2738-1, DSA-2809-1, FEDORA-2013-3037, FEDORA-2013-3038, MDVSA-2013:124, MDVSA-2013:200, openSUSE-SU-2013:0603-1, openSUSE-SU-2013:0614-1, RHSA-2013:0611-01, RHSA-2013:0612-01, RHSA-2013:1147-01, RHSA-2013:1185-01, SSA:2013-075-01, SUSE-SU-2014:0843-1, SUSE-SU-2014:0844-1, VIGILANCE-VUL-12456.

Description of the vulnerability

The Ruby REXML parser processes XML data.

An XML entity (such as "&abc;") is used to define an alias of a text string.

However, if the same large entity is referenced several thousand times in an XML document, REXML consumes considerable resources to store the XML tree.

An attacker can therefore transmit malicious XML data to a Ruby REXML application, in order to force it to allocate large memory resources.

computer vulnerability CVE-2013-0269

Ruby: denial of service via JSON

Synthesis of the vulnerability

An attacker can use JSON data, in order to force a Ruby application to progressively use all its memory.
Impacted products: Fedora, openSUSE, RHEL, JBoss EAP by Red Hat, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 22/02/2013.
Identifiers: CVE-2013-0269, FEDORA-2013-3050, FEDORA-2013-3052, openSUSE-SU-2013:0603-1, RHSA-2013:0686-01, RHSA-2013:0698-01, RHSA-2013:0699-01, RHSA-2013:0701-01, RHSA-2013:1147-01, RHSA-2013:1185-01, SSA:2013-075-01, VIGILANCE-VUL-12455.

Description of the vulnerability

The JSON format is used to represent a data structure, using text.

However, memory areas used to store data are never freed.

An attacker can therefore use JSON data, in order to force a Ruby application to progressively use all its memory.

vulnerability note CVE-2013-0169

OpenSSL: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MBS, MES, ePO, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 12/02/2013.
Identifiers: 1643316, c03710522, c03883001, CERTA-2013-AVI-454, CVE-2013-0169, DSA-2621-1, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10759, Lucky 13, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0416-01, SB10041, SSA:2013-042-01, SSRT101104, SSRT101289, SUSE-SU-2014:0320-1, VIGILANCE-VUL-12394, VMSA-2013-0009.

Description of the vulnerability

The bulletin VIGILANCE-VUL-12374 describes a vulnerability of TLS/DTLS.

For OpenSSL, the solution VIGILANCE-SOL-28668 corrected this vulnerability. However, this solution was not complete.

An attacker can therefore still inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.

computer vulnerability bulletin CVE-2013-0166

OpenSSL: denial of service via OCSP

Synthesis of the vulnerability

An attacker can set up a malicious OCSP server, in order to stop OpenSSL applications which connect to it.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, MBS, MES, McAfee Email and Web Security, ePO, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 05/02/2013.
Identifiers: 1643316, BID-57755, BID-60268, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-387, CERTA-2013-AVI-454, CERTFR-2014-AVI-112, CVE-2013-0166, DSA-2621-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10580, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, sol14261, SSA:2013-040-01, SSRT101104, SSRT101289, VIGILANCE-VUL-12378, VMSA-2013-0006.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2.

Description of the vulnerability

The OCSP (Online Certificate Status Protocol) extension checks the validity of certificates.

The OCSP_basic_verify() function of the crypto/ocsp/ocsp_vfy.c file decodes the received OCSP reply. However, if the key is empty, a NULL pointer is dereferenced.

An attacker can therefore set up a malicious OCSP server, in order to stop OpenSSL applications which connect to it.

vulnerability note CVE-2013-0169 CVE-2013-1619 CVE-2013-1620

TLS, DTLS: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.
Impacted products: Bouncy Castle JCE, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MBS, MES, Mandriva Linux, McAfee Email and Web Security, ePO, MySQL Enterprise, NetScreen Firewall, ScreenOS, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Opera, Java Oracle, Solaris, pfSense, SSL protocol, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 05/02/2013.
Identifiers: 1639354, 1643316, 1672363, BID-57736, BID-57774, BID-57776, BID-57777, BID-57778, BID-57780, BID-57781, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-109, CERTA-2013-AVI-339, CERTA-2013-AVI-454, CERTA-2013-AVI-543, CERTA-2013-AVI-657, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-286, CVE-2013-0169, CVE-2013-1619, CVE-2013-1620, CVE-2013-1621, CVE-2013-1622-REJECT, CVE-2013-1623, CVE-2013-1624, DLA-1518-1, DSA-2621-1, DSA-2622-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, ESXi410-201307001, ESXi410-201307401-SG, ESXi510-201401101-SG, FEDORA-2013-2110, FEDORA-2013-2128, FEDORA-2013-2764, FEDORA-2013-2793, FEDORA-2013-2813, FEDORA-2013-2834, FEDORA-2013-2892, FEDORA-2013-2929, FEDORA-2013-2984, FEDORA-2013-3079, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, GNUTLS-SA-2013-1, HPSBUX02856, HPSBUX02909, IC90385, IC90395, IC90396, IC90397, IC90660, IC93077, JSA10575, JSA10580, JSA10759, Lucky 13, MDVSA-2013:014, MDVSA-2013:018, MDVSA-2013:019, MDVSA-2013:040, MDVSA-2013:050, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2013:0807-1, openSUSE-SU-2016:0640-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0587-01, RHSA-2013:0588-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1135-01, RHSA-2013:1144-01, RHSA-2013:1181-01, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0371-01, RHSA-2014:0372-01, RHSA-2014:0896-01, RHSA-2015:1009, SOL14190, SOL15630, SSA:2013-040-01, SSA:2013-042-01, SSA:2013-242-01, SSA:2013-242-03, SSA:2013-287-03, SSRT101104, SSRT101289, SUSE-SU-2013:0328-1, SUSE-SU-2014:0320-1, SUSE-SU-2014:0322-1, swg21633669, swg21638270, swg21639354, swg21640169, VIGILANCE-VUL-12374, VMSA-2013-0006.1, VMSA-2013-0007.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2, VMSA-2013-0009.3, VMSA-2013-0015.

Description of the vulnerability

The TLS protocol uses a block encryption algorithm. In CBC (Cipher Block Chaining) mode, the encryption depends on the previous block.

When an incorrectly encrypted message is received, a fatal error message is sent to the sender. However, the time taken to generate this error message depends on the number of valid bytes used by the MAC hash.

An attacker can therefore inject incorrectly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.

In order to guess a clear block, 2^23 TLS sessions are required. So, to exploit this vulnerability, the TLS client has to continually open a new session as soon as the previous one has ended with a fatal error.

computer vulnerability note CVE-2012-4431

Apache Tomcat: bypass of countermeasures against CSRF

Synthesis of the vulnerability

An attacker can bypass the Tomcat checks dedicated to detecting request forgery, without having any valid session identifier, in order to submit requests on another user's behalf.
Impacted products: Tomcat, Fedora, HP-UX, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 05/12/2012.
Identifiers: BID-56814, c03734195, CERTA-2012-AVI-706, CERTA-2013-AVI-145, CERTFR-2014-AVI-112, CVE-2012-4431, FEDORA-2012-20151, HPSBUX02866, openSUSE-SU-2012:1700-1, openSUSE-SU-2012:1701-1, openSUSE-SU-2013:0147-1, openSUSE-SU-2013:0161-1, openSUSE-SU-2013:0192-1, RHSA-2013:0265-01, RHSA-2013:0266-01, RHSA-2013:0267-01, RHSA-2013:0268-01, RHSA-2013:0647-01, RHSA-2013:0648-01, RHSA-2013:0665-01, RHSA-2013:1437-01, RHSA-2013:1853-01, SSRT101139, VIGILANCE-VUL-12209.

Description of the vulnerability

An attacker can bypass the checks dedicated to detecting request forgery, without having any valid session identifier, in order to submit requests on another user's behalf.

Technical details are unknown.

computer vulnerability bulletin CVE-2012-3546

Apache Tomcat: authentication bypass via URL mangling

Synthesis of the vulnerability

An attacker who must go through authentication via a form can append /j_security_check to the URL, in order to bypass the authentication process.
Impacted products: Tomcat, Debian, Fedora, HPE NNMi, HP-UX, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 05/12/2012.
Identifiers: BID-56812, c03734195, c03824583, CERTA-2012-AVI-706, CERTA-2013-AVI-145, CERTA-2013-AVI-440, CERTFR-2014-AVI-112, CVE-2012-3546, DSA-2725-1, FEDORA-2012-20151, HPSBMU02894, HPSBUX02866, openSUSE-SU-2012:1700-1, openSUSE-SU-2012:1701-1, openSUSE-SU-2013:0147-1, RHSA-2013:0004-01, RHSA-2013:0005-01, RHSA-2013:0146-01, RHSA-2013:0147-01, RHSA-2013:0151-01, RHSA-2013:0157-01, RHSA-2013:0158-01, RHSA-2013:0162-01, RHSA-2013:0163-01, RHSA-2013:0164-01, RHSA-2013:0191-01, RHSA-2013:0192-01, RHSA-2013:0193-01, RHSA-2013:0194-01, RHSA-2013:0195-01, RHSA-2013:0196-01, RHSA-2013:0197-01, RHSA-2013:0198-01, RHSA-2013:0221-01, RHSA-2013:0235-01, RHSA-2013:0623-01, RHSA-2013:0640-01, RHSA-2013:0641-01, RHSA-2013:0642-01, SSRT101139, VIGILANCE-VUL-12208.

Description of the vulnerability

The URL suffix /j_security_check has a special meaning in the form-based authentication process.

Some Tomcat components other than the one in charge of the password check can define the account used to validate accesses for the remote user (the principal). However, when the requested URL has this special suffix, these assignments interact badly with the intent that access to the error pages and login form is always granted, which leads to premature termination of the credentials validation.

An attacker who must go through authentication via a form can therefore append /j_security_check to the URL, in order to bypass the authentication process.

computer vulnerability announce CVE-2012-4534

Apache Tomcat: denial of service via SSL and NIO

Synthesis of the vulnerability

An attacker who accesses Tomcat using the NIO connector and an SSL-enabled connection can cause excessive use of computing power, in order to deny service.
Impacted products: Tomcat, Debian, Fedora, HP-UX, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 2/4.
Creation date: 05/12/2012.
Identifiers: BID-56813, c03734195, CERTA-2012-AVI-706, CERTA-2013-AVI-145, CERTFR-2014-AVI-112, CVE-2012-4534, DSA-2725-1, FEDORA-2012-20151, HPSBUX02866, openSUSE-SU-2013:0161-1, openSUSE-SU-2013:0170-1, openSUSE-SU-2013:0192-1, RHSA-2013:0265-01, RHSA-2013:0266-01, RHSA-2013:0623-01, SSRT101139, VIGILANCE-VUL-12207, VMSA-2013-0006.

Description of the vulnerability

The vulnerability is applicable under the following conditions:
 - Tomcat is configured to use the NIO connector.
 - Tomcat uses the sendfile() system call, which requires that the response body is static.
 - The connection must use HTTP over SSL.

In this case, when the attacker half-closes the TCP connection and discards received TCP data, Tomcat enters a CPU-intensive endless loop while attempting to send the response body.

An attacker who accesses Tomcat using the NIO connector and an SSL-enabled connection can therefore cause excessive use of computing power, in order to deny service.