偵測

Plugin

RHEL 6：RHEL 6 上的 Red Hat JBoss Enterprise Application Platform 7.1.6 (RHSA-2019:0364)

high Nessus Plugin ID 122332

語系：

概要

遠端 Red Hat 主機遺漏一個或多個適用於 RHEL 6 上 Red Hat JBoss Enterprise Application Platform 7.1.6 的安全性更新。

說明

遠端 Redhat Enterprise Linux 6 主機上安裝的套件受到 RHSA-2019:0364 公告中提及的多個弱點影響。

- wildfly-core：JBoss Management Console 中的跨網站指令碼 (XSS) (CVE-2018-10934)

- undertow：在 Undertow 可以從隨機緩衝區提供資料的某些情況下的資訊洩漏 (CVE-2018-14642)

- dom4j：Class: Element 中的 XML 注入攻擊。Methods：可影響 XML 文件完整性的 addElement、addAttribute (CVE-2018-1000632)

請注意，Nessus 並未測試這些問題，而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

根據 RHSA-2019:0364 中的指引更新 RHEL 6 上的 RHEL Red Hat JBoss Enterprise Application Platform 7.1.6 套件。

另請參閱

http://www.nessus.org/u?2ae1b122

http://www.nessus.org/u?7bee5f5f

http://www.nessus.org/u?92f94c8a

https://access.redhat.com/errata/RHSA-2019:0364

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1615673

https://bugzilla.redhat.com/show_bug.cgi?id=1620529

https://bugzilla.redhat.com/show_bug.cgi?id=1628702

https://issues.redhat.com/browse/JBEAP-15311

https://issues.redhat.com/browse/JBEAP-15370

https://issues.redhat.com/browse/JBEAP-15373

https://issues.redhat.com/browse/JBEAP-15440

https://issues.redhat.com/browse/JBEAP-15443

https://issues.redhat.com/browse/JBEAP-15444

https://issues.redhat.com/browse/JBEAP-15461

https://issues.redhat.com/browse/JBEAP-15482

https://issues.redhat.com/browse/JBEAP-15483

https://issues.redhat.com/browse/JBEAP-15525

https://issues.redhat.com/browse/JBEAP-15528

https://issues.redhat.com/browse/JBEAP-15545

https://issues.redhat.com/browse/JBEAP-15619

https://issues.redhat.com/browse/JBEAP-15627

https://issues.redhat.com/browse/JBEAP-15747

https://issues.redhat.com/browse/JBEAP-15842

https://issues.redhat.com/browse/JBEAP-15852

https://issues.redhat.com/browse/JBEAP-15891

https://issues.redhat.com/browse/JBEAP-16015

https://issues.redhat.com/browse/JBEAP-9658

Plugin 詳細資訊

嚴重性: High

ID: 122332

檔案名稱: redhat-RHSA-2019-0364.nasl

版本: 1.8

類型: local

代理程式: unix

系列: Red Hat Local Security Checks

已發布: 2019/2/20

已更新: 2024/4/24

支援的感應器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

風險資訊

VPR

風險因素: Medium

分數: 4.4

CVSS v2

風險因素: Medium

基本分數: 5

時間分數: 3.9

媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 評分資料來源: CVE-2018-14642

CVSS v3

風險因素: High

基本分數: 7.5

時間分數: 6.7

媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

時間媒介: CVSS:3.0/E:P/RL:O/RC:C

CVSS 評分資料來源: CVE-2018-1000632

弱點資訊

CPE: p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-common, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-web-console-eap, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools, p-cpe:/a:redhat:enterprise_linux:eap7-dom4j, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-jandex, p-cpe:/a:redhat:enterprise_linux:eap7-jberet, p-cpe:/a:redhat:enterprise_linux:eap7-jberet-core, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-el-api_3.0_spec, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-modules, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-security-negotiation, p-cpe:/a:redhat:enterprise_linux:eap7-jbossws-common, p-cpe:/a:redhat:enterprise_linux:eap7-narayana, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api

必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2019/2/18

弱點發布日期: 2018/8/20

參考資訊

CVE: CVE-2018-1000632, CVE-2018-10934, CVE-2018-14642

CWE: 200, 79, 88

RHSA: 2019:0364