25 Sep 2012
JBoss Enterprise Application Platform 5.x
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
Red Hat has issued an update for multiple JBoss Enterprise products. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.
Updated packages are available via Red Hat Network.
JBoss Enterprise Application Platform 5.1.2:
JBoss Enterprise Application Platform 6.0.0:
JBoss Enterprise Web Server 1.0.2: