SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Red Hat JBoss
Vendors:   Red Hat
Red Hat JBoss EAP Component Errors Let Remote Users Deny Service and Remote Authenticated Users Gain Potentially Sensitive Information
SecurityTracker Alert ID:  1041707
SecurityTracker URL:  https://securitytracker.com/id/1041707
CVE Reference:   CVE-2017-2582, CVE-2018-10237
Date:  Sep 25 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Two vulnerabilities were reported in Red Hat JBoss Enterprise Application Platform. A remote user can cause the target service to crash. A remote authenticated user can obtain potentially sensitive information on the target system.

A remote user can send specially crafted serialized data to trigger an unbounded memory allocation error in the AtomicDoubleArray and CompoundOrdering classes of the guava component and cause denial of service conditions [CVE-2018-10237].
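
The unbounded allocation in CVE-2018-10237 happens while Java object serialization is rebuilding an array, so a JDK serialization filter (JEP 290, Java 9+) that caps array length and refuses the two Guava classes stops the stream before the memory is allocated. The example below is added here and is not part of the advisory or of Red Hat's fix; the limit values, the allow-listed package com.example and the DeserializationGuard class are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

// Added example (not from the advisory): a JDK serialization filter that bounds
// array sizes and rejects the Guava classes named in CVE-2018-10237 before their
// readObject logic runs. All limits below are assumed policy values.
public class DeserializationGuard {

    // Limits are checked first: arrays over 10k elements, nesting deeper than 20,
    // or streams over 1 MiB are rejected. Then the two Guava classes are refused,
    // java.base and our own (assumed) package are allowed, everything else rejected.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxarray=10000;maxdepth=20;maxbytes=1048576;"
      + "!com.google.common.util.concurrent.AtomicDoubleArray;"
      + "!com.google.common.collect.CompoundOrdering;"
      + "java.base/*;com.example.**;!*");

    // Deserialize a payload with the filter installed on the stream.
    public static Object readGuarded(byte[] payload) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a small array passes the filter and round-trips.
        ByteArrayOutputStream small = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(small)) { out.writeObject(new double[10]); }
        System.out.println(((double[]) readGuarded(small.toByteArray())).length);

        // Constructed input: an array above maxarray is rejected by the filter
        // (InvalidClassException) before the stream allocates it.
        ByteArrayOutputStream big = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(big)) { out.writeObject(new double[20000]); }
        try {
            readGuarded(big.toByteArray());
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A rejected stream surfaces as an InvalidClassException, so logging these exceptions at the deserialization boundary gives a detection signal for oversized or disallowed payloads.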

A remote authenticated user can send specially crafted data to break the attribute replacement feature in 'picketlink.xml' [CVE-2017-2582].

Hynek Mlnarik (Red Hat) reported one vulnerability.

Impact:   A remote user can cause the target service to crash.

A remote authenticated user can obtain potentially sensitive information on the target system.

Solution:   Red Hat has issued a fix.

The Red Hat advisory is available at:

https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743

Vendor URL:  access.redhat.com/errata/RHSA-2018:2740
Cause:   Access control error, State error
Underlying OS:  Linux (Red Hat Enterprise)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 16 2018 (Red Hat Issues Fix for Red Hat Network Satellite Server) Red Hat JBoss EAP Component Errors Let Remote Users Deny Service and Remote Authenticated Users Gain Potentially Sensitive Information
Red Hat has issued a fix for Red Hat Network Satellite Server for Red Hat Enterprise Linux.



 Source Message Contents

Subject:  [RHSA-2018:2740-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update


[Original Message Not Available for Viewing]




Content previously copyright SecurityGlobal.net LLC placed in the public domain on December 31, 2019.