Red Hat update for Red Hat JBoss Enterprise Application Platform 6.4.21
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2017-2582 CVE-2017-7536 CVE-2018-13366 CVE-2018-1336 CVE-2018-10237 |
| CWE-ID | CWE-200 CWE-264 CWE-835 CWE-789 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
JBoss Enterprise Application Platform Server applications / Application servers |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU14267
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-2582
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists in the StaxParserUtil class of the Picketlink feature due to improper parsing of Security Assertion Markup Language (SAML) messages. A remote attacker can send a specially crafted SAML request that submits malicious input and access sensitive information, such as values of system properties.
MitigationInstall updates from vendor's website.
JBoss Enterprise Application Platform: 6.4.0
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2018:2743
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Privilege escalation
EUVDB-ID: #VU9130
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2017-7536
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to the security manager's reflective permissions are granted to Hibernate Validator. A local attacker can allow the calling code to access private members without the permission, validate an invalid instance, access the private member value via ConstraintViolation#getInvalidValue() and gain execute arbitrary code with elevated privileges.
Install updates from vendor's website.
JBoss Enterprise Application Platform: 6.4.0
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2018:2743
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU16173
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13366
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote to obtain potentially sensitive information.
The weakness exists due to Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol. A remote attacker can gain access to arbitrary data.
Install updates from vendor's website.
JBoss Enterprise Application Platform: 6.4.0
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2018:2743
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU13986
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-1336
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handing of overflow in the UTF-8 decoder with supplementary characters. A remote attacker can send trigger an infinite loop in the decoder and cause the service to crash.
MitigationInstall updates from vendor's website.
JBoss Enterprise Application Platform: 6.4.0
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2018:2743
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Uncontrolled memory allocation
EUVDB-ID: #VU12886
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10237
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to unbounded memory allocation. A remote attacker can cause the service to crash and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Install updates from vendor's website.
JBoss Enterprise Application Platform: 6.4.0
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2018:2743
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
