RHSA-2017:3456: Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update

First published: Wed Dec 13 2017(Updated: )

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.<br>This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> A Denial of Service can be caused when a long request is sent to EAP 7. (CVE-2016-7046)</li> <li> World executable permission on bin/jboss-cli after installation. Any users of the system could cause harm, or shutdown the running instance. (CVE-2016-7066)</li> <li> A deserialization vulnerability via readValue method of ObjectMapper which allows arbitrary code execution. (CVE-2017-7525)</li> <li> JMSObjectMessage deserializes potentially malicious objects allowing Remote Code Execution. (CVE-2016-4978)</li> <li> Undertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting. (CVE-2016-4993)</li> <li> The domain controller will not propagate its administrative RBAC configuration to some slaves leading to escalate their privileges. (CVE-2016-5406)</li> <li> Internal IP address disclosed on redirect when request header Host field is not set. (CVE-2016-6311)</li> <li> Potential EAP resource starvation DOS attack via GET requests for server log files. (CVE-2016-8627)</li> <li> Inefficient Header Cache could cause denial of service. (CVE-2016-9589)</li> <li> The log file viewer allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)</li> <li> HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests. (CVE-2017-2666)</li> <li> Websocket non clean close can cause IO thread to get stuck in a loop. (CVE-2017-2670)</li> <li> Privilege escalation with security manager's reflective permissions when granted to Hibernate Validator. (CVE-2017-7536)</li> <li> Potential http request smuggling as Undertow parses the http headers with unusual whitespaces. (CVE-2017-7559)</li> <li> Properties based files of the management and the application realm are world readable allowing access to users and roles information to all the users logged in to the system. (CVE-2017-12167)</li> <li> RBAC configuration allows users with a Monitor role to view the sensitive information. (CVE-2016-7061)</li> <li> Improper whitespace parsing leading to potential HTTP request smuggling. (CVE-2017-12165)</li> Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525; Calum Hutton (NCC Group) and Mikhail Egorov (Odin) for reporting CVE-2016-4993; Luca Bueti for reporting CVE-2016-6311; Gabriel Lavoie (Halogen Software) for reporting CVE-2016-9589; and Gregory Ramsperger and Ryan Moak for reporting CVE-2017-2670. The CVE-2016-5406 issue was discovered by Tomaz Cerar (Red Hat); the CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and Brian Stansberry (Red Hat); the CVE-2017-2666 issue was discovered by Radim Hatlapatka (Red Hat); the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat); the CVE-2017-7559 and CVE-2017-12165 issues were discovered by Stuart Douglas (Red Hat); and the CVE-2017-12167 issue was discovered by Brian Stansberry (Red Hat) and Jeremy Choi (Red Hat). Upstream acknowledges WildFly as the original reporter of CVE-2016-6311.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/severity
• agent/type
• agent/event
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• agent/remedy
• agent/weakness
• agent/title
• agent/tags
• agent/description
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2017:3456