Chapter 7. Application of the Latest Security Patches

After you have installed JBoss Enterprise Application Platform from Red Hat Network, apply the latest security patches available from Red Hat Network for your JBoss Enterprise Application Server:
  1. Log in to Red Hat Customer Portal and go to https://access.redhat.com/jbossnetwork/restricted/listSoftware.html.
  2. Select the Application Platform entry in the Product field.
  3. After page refresh, select the appropriate JBoss Enterprise Application Platform version in the Version field.
  4. Click the Security Advisories tab.
  5. Download the security patches and follow the documentation in the patches to have them installed.

Warning

By default, the Legacy Invoker Servlet is exposed on all network interfaces and deserializes objects sent to it via HTTP. In addition to applying the latest security patches, we recommend that you bind this servlet only to the loopback network interface so that remote users cannot use it to perform deserialization attacks. Failure to restrict access to this servlet could allow remote attackers to execute arbitrary code.
For instructions on binding this servlet to the loopback network interface, see https://access.redhat.com/solutions/45530.
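To verify that the binding described above actually took effect, an administrator can inspect which address each listening TCP socket is bound to. The script below is an added example, not part of the Red Hat documentation or of JBoss itself: it parses output in the format of `ss -ltn` and reports any listener on the checked ports that is bound to a wildcard or non-loopback address. The port 8080 is assumed here as the default HTTP connector port of the server; the embedded sample output is constructed for the demonstration.

```python
"""Report TCP listeners that are reachable from non-loopback interfaces.

Added example for the loopback-binding recommendation above. It parses
`ss -ltn`-style output and flags listeners on the checked ports whose local
address is a wildcard (0.0.0.0, [::], *) or any other non-loopback address.
"""
import ipaddress
import subprocess

# Assumption: 8080 is the HTTP connector port the servlet is served on.
JBOSS_HTTP_PORTS = {8080}

# Constructed sample in the layout printed by `ss -ltn` (header row + sockets).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     0.0.0.0:8009         0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     192.168.1.10:8080    0.0.0.0:*
"""


def split_host_port(local):
    """Split '127.0.0.1:8080', '[::]:22' or '*:8080' into (host, port)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcards count as exposed."""
    if host in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def exposed_listeners(ss_output, ports=JBOSS_HTTP_PORTS):
    """Return (host, port) pairs for listeners on `ports` not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        if port in ports and not is_loopback(host):
            exposed.append((host, port))
    return exposed


def check_live_system(ports=JBOSS_HTTP_PORTS):
    """Run `ss -ltn` on this host and return its exposed listeners."""
    result = subprocess.run(["ss", "-ltn"], capture_output=True,
                            text=True, check=True)
    return exposed_listeners(result.stdout, ports)


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed listener: {host}:{port}")
```

On the sample, the 127.0.0.1:8080 socket passes while 192.168.1.10:8080 is reported; running `check_live_system()` performs the same check against the local machine. An empty result for the servlet's port is the expected state after the loopback binding has been applied.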