First published: Mon Nov 24 2014
Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

The following security issues are fixed with this release:

It was discovered that Jakarta Commons HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of Red Hat JBoss BRMS 6.0.3 as provided from the Red Hat Customer Portal are advised to apply this roll up patch.