PT-2014-5369 · Red Hat · Red Hat JBoss SOA Platform +3
Published: 2014-07-22 · Updated: 2014-07-23 · CVE-2014-3518
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Enterprise Application Platform version 5.2.0
Red Hat JBoss BRMS version 5.3.1
Red Hat JBoss Portal Platform version 5.2.2
Red Hat JBoss SOA Platform version 5.3.1
Description
The jmx-remoting.sar component of JBoss Remoting does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
Recommendations
For Red Hat JBoss Enterprise Application Platform version 5.2.0, update to a version that properly implements the JSR 160 specification.
For Red Hat JBoss BRMS version 5.3.1, update to a version that properly implements the JSR 160 specification.
For Red Hat JBoss Portal Platform version 5.2.2, update to a version that properly implements the JSR 160 specification.
For Red Hat JBoss SOA Platform version 5.3.1, update to a version that properly implements the JSR 160 specification.
Fix
RCE
Code Injection
Affected Products
Red Hat JBoss BRMS
Red Hat JBoss Enterprise Application Platform
Red Hat JBoss Portal Platform
Red Hat JBoss SOA Platform