SB2018062717 - Multiple vulnerabilities in JBoss Enterprise Application Platform
Published: June 27, 2018 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3894)
The vulnerability allows a remote authenticated user to execute arbitrary code.
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
2) Code Injection (CVE-ID: CVE-2017-7465)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.
Remediation
Install update from vendor's website.
References
- https://access.redhat.com/errata/RHSA-2019:1106
- https://access.redhat.com/errata/RHSA-2019:1107
- https://access.redhat.com/errata/RHSA-2019:1108
- https://access.redhat.com/errata/RHSA-2019:1140
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894
- https://security.netapp.com/advisory/ntap-20190517-0004/
- http://www.securityfocus.com/bid/97605
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465