First published: Thu May 15 2014
Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.

Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

All users of JBoss Operations Network 3.2.1 as provided from the Red Hat Customer Portal are advised to apply this update.
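A detection sketch for the two request patterns described above, added here as an example and not taken from the advisory or from Struts or JBoss Web code. The function names, the rule that any `class` path segment in a parameter name is suspect, and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: any dotted/indexed segment equal to "class" (any case) is suspect.
_SEGMENTS = re.compile(r"[.\[\]'\"()]+")

def class_params(names):
    """Parameter names whose path contains a 'class' segment (CVE-2014-0114)."""
    return [n for n in names if any(s.lower() == "class" for s in _SEGMENTS.split(n))]

def framing_issue(headers):
    """Reason string for the ambiguous framing in CVE-2013-4286, else None."""
    lengths = [v for k, v in headers if k.lower() == "content-length"]
    chunked = any(k.lower() == "transfer-encoding" and "chunked" in v.lower()
                  for k, v in headers)
    if len(lengths) > 1:
        return "multiple Content-Length headers"
    if lengths and chunked:
        return "Content-Length with chunked Transfer-Encoding"
    return None

def inspect_request(raw):
    """Parse one raw HTTP request (bytes); return a list of findings."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    target = lines[0].split(" ")[1]
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:] if ":" in l]
    names = [k for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    ctype = next((v for k, v in headers if k.lower() == "content-type"), "")
    if ctype.lower().startswith("application/x-www-form-urlencoded"):
        names += [k for k, _ in parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
    findings = [f"'class' segment in parameter name: {n}" for n in class_params(names)]
    issue = framing_issue(headers)
    if issue:
        findings.append(f"ambiguous framing: {issue}")
    return findings

FORM = b"Content-Type: application/x-www-form-urlencoded\r\n"
# Constructed sample requests, not captured traffic.
SAMPLES = {
    "benign": b"POST /app/save.do HTTP/1.1\r\nHost: h\r\n" + FORM + b"Content-Length: 21\r\n\r\nname=a&classroom=b101",
    "class_param": b"GET /app/edit.do?id=7&class.example=1 HTTP/1.1\r\nHost: h\r\n\r\n",
    "double_cl": b"POST /app/save.do HTTP/1.1\r\nHost: h\r\n" + FORM + b"Content-Length: 3\r\nContent-Length: 3\r\n\r\na=1",
    "cl_te": b"POST /app/save.do HTTP/1.1\r\nHost: h\r\nContent-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\na=1",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```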