exploit the possibilities

Red Hat Security Advisory 2012-1606-01

Red Hat Security Advisory 2012-1606-01
Posted Dec 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1606-01 - The Fuse Management Console is used for managing Fuse ESB Enterprise and Fuse MQ Enterprise deployments. This release of Fuse Management Console 7.1.0 serves as a replacement for Fuse Management Console 1.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4461
MD5 | 6af26a1922aac4e51accbeacafc9964f

Red Hat Security Advisory 2012-1606-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Fuse Management Console 7.1.0 update
Advisory ID: RHSA-2012:1606-01
Product: Fuse Enterprise Middleware
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1606.html
Issue date: 2012-12-21
CVE Names: CVE-2011-4461
=====================================================================

1. Summary:

Fuse Management Console 7.1.0, which fixes one security issue, various
bugs, and adds enhancements, is now available from the Red Hat Customer
Portal.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Description:

The Fuse Management Console is used for managing Fuse ESB Enterprise and
Fuse MQ Enterprise deployments.

This release of Fuse Management Console 7.1.0 serves as a replacement for
Fuse Management Console 1.0.2, and includes bug fixes and enhancements.
Refer to the Fuse Management Console 7.1.0 Release Notes for information on
the most significant of these changes. The Release Notes will be available
shortly from https://access.redhat.com/knowledge/docs/

The following security issue is also fixed with this release:

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause the Jetty HTTP server (a component of Apache Karaf, used by Fuse
Management Console) to use an excessive amount of CPU time by sending an
HTTP request with a large number of parameters whose names map to the same
hash value. This update introduces a limit of 1000 on the number of
parameters processed per request to mitigate this issue. (CVE-2011-4461)

Red Hat would like to thank oCERT for reporting this issue. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters.

All users of Fuse Management Console 1.0.2 as provided from the Red Hat
Customer Portal are advised to upgrade to Fuse Management Console 7.1.0.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (http://bugzilla.redhat.com/):

781677 - CVE-2011-4461 jetty: hash table collisions CPU usage DoS (oCERT-2011-003)

5. References:

https://www.redhat.com/security/data/cve/CVE-2011-4461.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.management.console&downloadType=distributions
https://access.redhat.com/knowledge/docs/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ09jKXlSAg2UNWIIRAiOCAJ9y7rISxSa5mt1otw8hOfWmhuacEQCgpJBV
or3n8Ijq4WAP7Lwfhq+5r9c=
=q6dh
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    14 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close