Release date:
Updated on:
Affected Systems:
Red Hat JBoss Enterprise Application Platform
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68890
CVE (CAN) ID: CVE-2014-3518
JBoss Enterprise Application Platform (EAP) is a middleware platform for J2EE applications.
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code.
<* Source: Harun ESUR
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://rhn.redhat.com/errata/RHSA-2014-0887.html