First published: Tue Feb 25 2014
Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release:

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block. (CVE-2013-2172)

It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. The patch for this flaw disables external entity processing by default, and provides a configuration directive to re-enable it. (CVE-2013-4152)

Warning: Before applying the update, back up your existing Red Hat JBoss SOA Platform installation (including its databases, applications, configuration files, and so on).

All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red Hat Customer Portal are advised to apply this roll up patch.
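Both flaws above come down to trusting whatever arrives inside an XML message: the JAXB unmarshaller expanding a DOCTYPE's external entities (CVE-2013-4152), and the signature verifier honouring any CanonicalizationMethod the signature names (CVE-2013-2172). The class below is an added example written for this page; it is not code from Red Hat, Spring or Santuario. It shows the pre-patch JAXB path beside a hardened one that hands JAXB a locked-down SAX reader (the same idea as the patch's "external entity processing off by default"), and an allowlist check on the canonicalization algorithm to run before an XML signature is validated. The Order type, the XXE payload and the Signature block are constructed for illustration; the code uses the javax.xml.bind (JAXB 2) and javax.xml.crypto.dsig APIs of the JDK 6/7 era that this platform runs on.

```java
import java.io.StringReader;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public class XmlHardening {

    // Hypothetical JAXB-bound message type, used only for this example.
    @XmlRootElement(name = "order")
    public static class Order {
        public String note;
    }

    // Constructed XXE payload: the DOCTYPE declares an external entity that an
    // unmarshaller with entity resolution enabled expands with the server's file.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE order [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
      + "<order><note>&xxe;</note></order>";

    /** Pre-patch behaviour: JAXB builds its own parser, which resolves external entities. */
    static Order unmarshalVulnerable(String xml) throws JAXBException {
        Unmarshaller um = JAXBContext.newInstance(Order.class).createUnmarshaller();
        return (Order) um.unmarshal(new StringReader(xml)); // note now holds /etc/passwd
    }

    /** Hardened path: give JAXB an XMLReader that refuses DTDs and external entities. */
    static Order unmarshalHardened(String xml) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        XMLReader reader = spf.newSAXParser().getXMLReader();
        SAXSource source = new SAXSource(reader, new InputSource(new StringReader(xml)));
        Unmarshaller um = JAXBContext.newInstance(Order.class).createUnmarshaller();
        return (Order) um.unmarshal(source); // the DOCTYPE makes the reader fail before any entity is touched
    }

    // The only algorithms that a CanonicalizationMethod should ever name.
    static final Set<String> ALLOWED_C14N = new HashSet<String>(Arrays.asList(
        CanonicalizationMethod.INCLUSIVE,
        CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
        CanonicalizationMethod.EXCLUSIVE,
        CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS));

    /** Reject a signature whose SignedInfo names anything but a real c14n algorithm. Call before validate(). */
    static String checkCanonicalization(Document doc) {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "CanonicalizationMethod");
        if (nl.getLength() != 1) {
            throw new SecurityException("expected exactly one CanonicalizationMethod, found " + nl.getLength());
        }
        String alg = ((Element) nl.item(0)).getAttribute("Algorithm");
        if (!ALLOWED_C14N.contains(alg)) {
            throw new SecurityException("disallowed canonicalization algorithm: " + alg);
        }
        return alg;
    }

    /** Namespace-aware DOM parse with DTDs disabled, so the signature check itself cannot be XXE'd. */
    static Document parseDom(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the ds: namespace lookup above
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Constructed Signature block whose CanonicalizationMethod names a transform (XSLT)
    // rather than a canonicalization algorithm; digest and signature values are dummies.
    static final String BAD_SIGNATURE =
        "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo>"
      + "<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/1999/REC-xslt-19991116\"/>"
      + "<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>"
      + "<ds:Reference URI=\"\"><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>"
      + "<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>"
      + "<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>";

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && "demo-vulnerable".equals(args[0])) {
            System.out.println("vulnerable path leaked: " + unmarshalVulnerable(XXE_PAYLOAD).note);
        }
        try {
            unmarshalHardened(XXE_PAYLOAD);
            System.out.println("unexpected: XXE payload accepted");
        } catch (JAXBException e) {
            System.out.println("hardened unmarshal rejected the DOCTYPE: " + e.getCause());
        }
        try {
            checkCanonicalization(parseDom(BAD_SIGNATURE));
            System.out.println("unexpected: signature block accepted");
        } catch (SecurityException e) {
            System.out.println("signature rejected: " + e.getMessage());
        }
    }
}
```

Run it with no arguments to see both rejections; pass `demo-vulnerable` on a JDK whose default parser still resolves entities to see the note field filled with the file contents. Disallowing the DOCTYPE outright is stricter than the patch's default, which only turns external entity processing off; if a consumer genuinely needs inline DTDs, keep the two external-entity features off and drop the disallow-doctype-decl line. The canonicalization allowlist is a belt-and-braces check in application code; it does not replace upgrading Santuario, which is what actually stops the algorithm being applied to SignedInfo.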
Affected Software | Affected Version | How to fix
---|---|---
Red Hat JBoss SOA Platform | 5.3.1 | Back up the installation, then apply the cumulative roll up patch from the Red Hat Customer Portal