Multiple Vulnerabilities in Red Hat JBoss EAP

 

Systems Affected


Red Hat JBoss Enterprise Application Platform 6 EL5

Threat Level


High


Overview


Multiple vulnerabilities have been reported in Red Hat JBoss Enterprise Application Platform which could be exploited by a remote attacker to launch denial of service attacks and execute arbitrary code on the target system.


Description


Denial of service Vulnerability (CVE-2015-5304)
This vulnerability exists in Red Hat JBoss Enterprise Application Platform due to improper authorization of a user performing a shutdown. A remote attacker with the Monitor, Deployer, or Auditor role may use the flaw to shut down the EAP server. Successful exploitation of this vulnerability could allow a remote attacker to cause an affected system to crash, resulting in a denial of service (DoS) condition.

Denial of service Vulnerability (CVE-2015-7501)
This vulnerability exists in the Apache commons-collections library due to improper validation of user-supplied input when deserializing objects involving a specially constructed chain of classes. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition (application crash) on the affected systems.
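As an added illustration (not part of this advisory and not Red Hat's fix), the look-ahead approach a Java deserialization endpoint can use so that unexpected classes, such as the commons-collections chain described above, are rejected before they are ever loaded. The class name, the allow-list contents and the sample objects are assumptions for the demo.

```java
import java.io.*;
import java.util.*;

/** ObjectInputStream that resolves only explicitly allow-listed classes (look-ahead deserialization). */
public class SafeObjectInputStream extends ObjectInputStream {
    private final Set<String> allowed;

    public SafeObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
        super(in);
        this.allowed = allowed;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // Decide before the class is loaded or any readObject() runs, so a class that is not
        // expected here (e.g. anything under org.apache.commons.collections.) never executes.
        if (!allowed.contains(name)) {
            throw new InvalidClassException(name, "class not permitted by deserialization allow-list");
        }
        return super.resolveClass(desc);
    }

    /** Deserialize bytes, accepting only the named classes (String needs no class resolution). */
    public static Object readTrusted(byte[] bytes, Set<String> allowed) throws IOException, ClassNotFoundException {
        try (SafeObjectInputStream in = new SafeObjectInputStream(new ByteArrayInputStream(bytes), allowed)) {
            return in.readObject();
        }
    }

    private static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = new HashSet<>(Arrays.asList("java.util.HashMap"));  // constructed allow-list
        HashMap<String, String> expected = new HashMap<>();
        expected.put("user", "alice");
        System.out.println("accepted: " + readTrusted(serialize(expected), allowed));
        try {
            readTrusted(serialize(new ArrayList<String>()), allowed);  // ArrayList is not on the list
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check lives in resolveClass rather than after readObject because gadget chains run during deserialization itself; on Java 9 and later the same policy can be expressed with the built-in ObjectInputFilter.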


Impact



Solution/ Workarounds


Apply the appropriate fix/patch as mentioned by the vendor:
https://rhn.redhat.com/errata/RHSA-2015-2538.html


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.



© Copyright Sri Lanka CERT|CC. All Rights Reserved.