Red Hat Security Advisory 2015-0851-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.0 serves as a replacement for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements.
9c35a2e3da753f782421c5fae6cc800fdd2198541a72b87ddbb7e26976fb351aRed Hat Security Advisory 2015-0850-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.0 serves as a replacement for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements.
290b4f0a91f99c1bf88abbdb829b7cd88cf73b3f112a40d00f3e02cb6d9adc8cRed Hat Security Advisory 2015-0675-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. The release of Red Hat JBoss Data Virtualization 6.1.0 serves as a replacement for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
a75cda8ec63a5e546176c931f472dd7be9d8e3618cc45e5e9dc28e234143ba38Red Hat Security Advisory 2014-1728-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
e2b3241999dec897f338bc0770e036f184abcc4c7a5b9d6473bd31baf45a1189Red Hat Security Advisory 2014-1727-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Web Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for this update to take effect.
15815da67895245be3e60bd573a67f7aeab5d6b55d3bc7c5c19f31d5b000eeefRed Hat Security Advisory 2014-1726-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
0237b57e863d67d1b8b7dec975e647ac269fb1ee78a854b030cf8bf8d4de8c2aRed Hat Security Advisory 2014-1725-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Application Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for this update to take effect.
1cbfb0360f124aa833830bb75c99434a7de7adc9ee4199ceb6bcb2b87b7fcd2eRed Hat Security Advisory 2014-0582-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
b8593d70dd43aadb30773782fde079796ce4e875ae531e2e5e5e45c520c7f18dRed Hat Security Advisory 2014-0473-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.1 release serves as a replacement for JBoss Operations Network 3.2.0, and includes several bug fixes.
4f401d1844f1516c45c35fb297633215009b76b4c56f316e4ac41897e16d6d9bRed Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.
59fb89a523cbebe70f311b3e2011f6b31d5456d35c7cb4af096d9f8a7b46823eRed Hat Security Advisory 2014-0195-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. This Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.
ad17b99c336d1d0ac63117515d8fb941efea61e47e0482fa54c72c275372cd9eRed Hat Security Advisory 2014-0172-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
541f07157180c8db909f86a437b2213620a20031cbdccf831162fc96fb9d554fRed Hat Security Advisory 2014-0171-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
6ea55d54a664d704b909d71fccb7a651a80a777a52a2c4bd5d51856a12b1f5a6Red Hat Security Advisory 2014-0170-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
4a7a416e0f9b2d1408e2420c51fc4ae55f44ce58cef88c50b293d9afcf81cdcaThe Apache Santuario XML Security for Java project is vulnerable to a Denial of Service (DoS) type attack leading to an OutOfMemoryError, which is caused by allowing Document Type Definitions (DTDs) when applying Transforms. From the 1.5.6 release onwards, DTDs will not be processed at all when the "secure validation" mode is enabled.
8718e8b28ba92f0c8d1021a89a00f91b0c89c346b43d6b5dba5031eb339cb16c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed