ID de Prueba:	1.3.6.1.4.1.25623.1.0.62881
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0158
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0158. JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. The updated packages address the following security vulnerabilities: * the JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306) * a vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575) * the setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433) All users are advised to upgrade to this release of JBEAP, which addresses these vulnerabilities. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0158.html http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6306 BugTraq ID: 26752 http://www.securityfocus.com/bid/26752 Bugtraq: 20071206 R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/484709/100/0/threaded http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662 http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662 http://www.rapid7.com/advisories/R7-0031.jsp http://osvdb.org/41843 http://osvdb.org/41844 http://osvdb.org/41845 http://www.redhat.com/support/errata/RHSA-2008-0151.html http://www.redhat.com/support/errata/RHSA-2008-0158.html http://www.redhat.com/support/errata/RHSA-2008-0213.html http://www.redhat.com/support/errata/RHSA-2008-0261.html RedHat Security Advisories: RHSA-2008:0630 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/27959 http://secunia.com/advisories/31493 http://securityreason.com/securityalert/3430 XForce ISS Database: jfreechart-imagemap-xss(38922) https://exchange.xforce.ibmcloud.com/vulnerabilities/38922 Common Vulnerability Exposure (CVE) ID: CVE-2007-4575 1019041 http://www.securitytracker.com/id?1019041 103141 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1 200637 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1 26703 http://www.securityfocus.com/bid/26703 27914 http://secunia.com/advisories/27914 27916 http://secunia.com/advisories/27916 27928 http://secunia.com/advisories/27928 27931 http://secunia.com/advisories/27931 27972 http://secunia.com/advisories/27972 28018 http://secunia.com/advisories/28018 28039 http://secunia.com/advisories/28039 28286 http://secunia.com/advisories/28286 28585 http://secunia.com/advisories/28585 30100 http://secunia.com/advisories/30100 ADV-2007-4092 http://www.vupen.com/english/advisories/2007/4092 ADV-2007-4146 http://www.vupen.com/english/advisories/2007/4146 DSA-1419 http://www.debian.org/security/2007/dsa-1419 FEDORA-2007-4119 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html FEDORA-2007-4120 http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html FEDORA-2007-4171 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html FEDORA-2007-4172 http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html FEDORA-2007-762 http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html GLSA-200712-25 http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml MDVSA-2008:095 http://www.mandriva.com/security/advisories?name=MDVSA-2008:095 RHSA-2007:1048 http://www.redhat.com/support/errata/RHSA-2007-1048.html RHSA-2007:1090 http://www.redhat.com/support/errata/RHSA-2007-1090.html RHSA-2008:0151 RHSA-2008:0158 RHSA-2008:0213 SUSE-SA:2007:067 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html USN-609-1 http://www.ubuntu.com/usn/usn-609-1 http://bugs.gentoo.org/show_bug.cgi?id=200771 http://bugs.gentoo.org/show_bug.cgi?id=201799 http://www.openoffice.org/security/cves/CVE-2007-4575.html openoffice-hsqldb-code-execution(38882) https://exchange.xforce.ibmcloud.com/vulnerabilities/38882 oval:org.mitre.oval:def:10153 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153 Common Vulnerability Exposure (CVE) ID: CVE-2007-6433 BugTraq ID: 26850 http://www.securityfocus.com/bid/26850 http://osvdb.org/42631 http://secunia.com/advisories/28077 http://www.vupen.com/english/advisories/2007/4215
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.