RHSA-2008:0158: Moderate: JBoss Enterprise Application Platform security update

First published: Mon Mar 24 2008(Updated: )

JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition<br>(J2EE) applications.<br>This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss<br>Application Server and JBoss Seam. This release serves as a replacement to<br>JBEAP 4.2.0.GA.<br>The updated packages address the following security vulnerabilities:<br><li> the JFreeChart component was vulnerable to multiple cross-site scripting </li> (XSS) vulnerabilities. An attacker could misuse the image map feature to<br>inject arbitrary web script or HTML via several attributes of the chart<br>area. (CVE-2007-6306)<br><li> a vulnerability caused by exposing static java methods was located within </li> the HSQLDB component. This could be utilized by an attacker to execute<br>arbitrary static java methods. (CVE-2007-4575)<br><li> the setOrder method in the org.jboss.seam.framework.Query class did not </li> properly validate user-supplied parameters. This vulnerability allowed<br>remote attackers to inject and execute arbitrary EJBQL commands via the<br>order parameter. (CVE-2007-6433)<br>All users are advised to upgrade to this release of JBEAP, which addresses<br>these vulnerabilities.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2008:0158
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness