First published: Mon Mar 24 2008
JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications.

This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement for JBEAP 4.2.0.GA.

The updated packages address the following security vulnerabilities:

* The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306)

* A vulnerability caused by exposing static Java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static Java methods. (CVE-2007-4575)

* The setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433)

All users are advised to upgrade to this release of JBEAP, which addresses these vulnerabilities.
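The third item describes a query-injection flaw: a user-controlled ORDER BY fragment was concatenated into EJBQL without validation. The following is an added example, not code from JBoss Seam or from this advisory, showing the vulnerable concatenation pattern beside an allow-list validator that only admits known sortable field names and a sort direction. The class name `OrderClauseValidator`, the `Product` entity, the `SORTABLE_FIELDS` set and the two `buildQuery*` helpers are all hypothetical; the code assumes Java 11 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not Seam's own code): allow-list validation for a user-supplied
// ORDER BY fragment before it is placed into an EJBQL query string.
// The class name, the entity and the set of sortable fields are hypothetical.
public final class OrderClauseValidator {

    // Fields the application genuinely allows clients to sort by (hypothetical).
    private static final Set<String> SORTABLE_FIELDS = Set.of("name", "price", "createdDate");

    // One sort term: an identifier, optionally followed by asc or desc.
    private static final Pattern TERM = Pattern.compile(
            "^([A-Za-z_][A-Za-z0-9_]*)(?:\\s+(asc|desc))?$", Pattern.CASE_INSENSITIVE);

    private OrderClauseValidator() {}

    /**
     * Returns a normalised ORDER BY fragment built only from allow-listed fields,
     * or throws IllegalArgumentException when the input contains anything else
     * (operators, parentheses, functions, subqueries, unknown identifiers).
     */
    public static String sanitizeOrder(String order) {
        if (order == null || order.isBlank()) {
            return "";
        }
        List<String> safeTerms = new ArrayList<>();
        for (String rawTerm : order.split(",")) {
            Matcher m = TERM.matcher(rawTerm.trim());
            if (!m.matches()) {
                throw new IllegalArgumentException("Malformed sort term: " + rawTerm.trim());
            }
            String field = m.group(1);
            if (!SORTABLE_FIELDS.contains(field)) {
                throw new IllegalArgumentException("Field not sortable: " + field);
            }
            String direction = m.group(2) == null ? "asc" : m.group(2).toLowerCase();
            safeTerms.add(field + " " + direction);
        }
        return String.join(", ", safeTerms);
    }

    // Vulnerable pattern (the class of defect CVE-2007-6433 describes):
    // the raw parameter is appended to the query text without validation.
    public static String buildQueryUnsafe(String order) {
        return "select p from Product p order by " + order;
    }

    // Hardened pattern: only the validated fragment ever reaches the query text.
    public static String buildQuerySafe(String order) {
        String safe = sanitizeOrder(order);
        return "select p from Product p" + (safe.isEmpty() ? "" : " order by " + safe);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate, three that must be rejected.
        String[] inputs = {
            "name",
            "price desc, name",
            "name, (select count(p) from Product p)",
            "name; drop table Product",
            "secretField"
        };
        for (String in : inputs) {
            try {
                System.out.println("OK       " + buildQuerySafe(in));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + in + " -> " + e.getMessage());
            }
        }
    }
}
```

The validator never echoes the caller's text into the query: each accepted term is rebuilt from the matched field name and a normalised direction, so even a term that passes the regular expression cannot carry extra syntax. Rejecting unknown identifiers (rather than only dangerous characters) also prevents sorting on columns the application did not intend to expose.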