SB2018031234 - Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 7 update for eap7-jboss-ec2-eap
Published: March 12, 2018
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Heap memory exhaustion (CVE-ID: CVE-2017-12174)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to heap memory exhaustion. A remote attacker can trigger memory corruption and cause the service to crash.
2) Man-in-the-middle attack (CVE-ID: CVE-2017-12196)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists because the server does not ensure that the value of the URI in the Authorization header matches the URI in the HTTP request line when using Digest authentication. A remote attacker can conduct a man-in-the-middle attack and gain access to potentially sensitive information.
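As an added example (not code from the bulletin, Red Hat or the Undertow project), the server-side check that item 2 describes as missing, written in Python over a constructed Digest exchange: the uri= parameter carried in the Authorization header must equal the request-target in the request line before the digest response is even verified.

```python
import re

# Parses the parameter list of an HTTP Digest Authorization header value.
# Handles both quoted ("...") and bare token values, e.g. algorithm=MD5.
_PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_digest_params(header_value: str) -> dict:
    """Return the key/value pairs of a 'Digest ...' Authorization header."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    out = {}
    for m in _PARAM_RE.finditer(params):
        key, quoted, bare = m.groups()
        if quoted is not None:
            out[key.lower()] = quoted.replace('\\"', '"')
        else:
            out[key.lower()] = bare
    return out


def digest_uri_matches_request(request_line: str, authorization: str) -> bool:
    """The check the bulletin says the server omitted: the uri= digest parameter
    (which is covered by the client's response hash) must equal the request-target
    of the HTTP request line. A mismatch means the credentials were computed for a
    different resource and the request must be rejected before hash verification."""
    try:
        _method, request_target, _version = request_line.split(" ")
    except ValueError:
        return False
    try:
        params = parse_digest_params(authorization)
    except ValueError:
        return False
    digest_uri = params.get("uri")
    if digest_uri is None:
        return False
    # Exact, case-sensitive comparison: normalising here would reopen the gap.
    return digest_uri == request_target


# Constructed sample exchange (hypothetical values, not from the bulletin).
GOOD = ("GET /admin/status HTTP/1.1",
        'Digest username="alice", realm="eap", nonce="abc123", uri="/admin/status", response="deadbeef"')
BAD = ("GET /admin/users HTTP/1.1",
       'Digest username="alice", realm="eap", nonce="abc123", uri="/admin/status", response="deadbeef"')

if __name__ == "__main__":
    for line, auth in (GOOD, BAD):
        print(line, "->", "accept" if digest_uri_matches_request(line, auth) else "reject")
```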
3) Deserialization of untrusted data (CVE-ID: CVE-2017-15089)
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system. The weakness exists because deserialized data read from the cache is not handled safely. A remote attacker can inject specially crafted serialized objects into the data cache and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Remote code execution (CVE-ID: CVE-2017-15095)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the jackson-databind development library due to improper implementation of blacklists for input handled by the ObjectMapper object's readValue method. A remote unauthenticated attacker can send malicious input and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Deserialization of untrusted data (CVE-ID: CVE-2017-17485)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in the FasterXML jackson-databind library due to improper validation of user input handled by the readValue method of the ObjectMapper object. A remote attacker can send malicious input to the vulnerable method of a web application that has the Spring library in the application's classpath and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Deserialization of untrusted data (CVE-ID: CVE-2017-7525)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with the privileges of the target service.
Successful exploitation of the vulnerability may result in system compromise.
7) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2017-7561)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Red Hat JBoss EAP versions 3.0.7 through before 4.0.0.Beta1 are vulnerable to server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact.
8) Path traversal (CVE-ID: CVE-2018-1048)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
It was found that the AJP connector in Undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows slash and backslash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.
9) Deserialization of untrusted data (CVE-ID: CVE-2018-5968)
The vulnerability allows a remote attacker to execute arbitrary code. The weakness exists due to a deserialization flaw. A remote attacker can supply specially crafted input, bypass a blacklist and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install the update from the vendor's website.