RHSA-2018:1608 - Security Advisory
Critical: Red Hat JBoss Enterprise Application Platform 5.2 security update
Security Advisory: Critical
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0.
- jbossas: Arbitrary code execution via unrestricted deserialization in ReadOnlyAccessFilter of HTTP Invoker. (CVE-2017-12149)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Joao F M Figueiredo for reporting this issue.
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must log in to download the update).
- JBoss Enterprise Application Platform Text-Only Advisories x86_64
- BZ - 1486220 - CVE-2017-12149 jbossas: Arbitrary code execution via unrestricted deserialization in ReadOnlyAccessFilter of HTTP Invoker.
The Red Hat security contact is email@example.com. More contact details at https://access.redhat.com/security/team/contact/.