Remote Arbitrary Code Execution Vulnerability (CVE-2014-3518) for multiple Red Hat JBoss Products)

Remote Arbitrary Code Execution Vulnerability (CVE-2014-3518) for multiple Red Hat JBoss Products)

Release date:
Updated on:

Affected Systems:
RedHat JBoss Enterprise Application Platform
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68890
CVE (CAN) ID: CVE-2014-3518
 
JBoss Enterprise Application Platform (EAP) is a middleware Platform for J2EE applications.
 
Red Hat JBoss Enterprise Application Platform (JEAP) the JBoss Remoting jmx-remoting.sar used in 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, Red Hat JBoss SOA Platform 5.3.1 does not properly implement the JS4 160 specification, this allows remote attackers to execute arbitrary code.

RHEL6.5 install OpenJDK1.7.0 + JBoss7.1.1 + Maven3.0.4

Hot deployment of earlier versions of JBoss to JBoss7
 
<* Source: Harun ESUR
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://rhn.redhat.com/errata/RHSA-2014-0887.html

This article permanently updates the link address: