CVE-2012-6153
Find out more about CVE-2012-6153 from the MITRE CVE dictionary and NIST NVD.
Statement
Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533
This issue affects the versions of HttpComponents Client and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Virtualization 6. A future update may address this issue.
This issue did not affect the jakarta-commons-httpclient packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, and httpcomponents-client packages as shipped with Red Hat Enterprise Linux 7.
Red Hat JBoss Enterprise Application Platform 4, Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/
Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/
CVSS v2 metrics
| Metric | Value |
|---|---|
| Base Score | 5.8 |
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Web Platform 5 for RHEL 5 Server (apache-cxf) | RHSA-2014:1833 | 2014-11-10 |
| Red Hat JBoss Enterprise Application Platform 6.3 | RHSA-2014:1163 | 2014-09-04 |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server | RHSA-2014:2019 | 2014-12-18 |
| Red Hat JBoss SOA Platform 5.3 | RHSA-2015:1888 | 2015-10-12 |
| Red Hat JBoss BPMS 6.0 | RHSA-2015:0851 | 2015-04-16 |
| Red Hat JBoss Fuse Service Works 6.0 | RHSA-2015:0720 | 2015-03-24 |
| Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2014:1323 | 2014-09-29 |
| Red Hat JBoss Web Platform 5.2 | RHSA-2014:1322 | 2014-09-29 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server | RHSA-2014:2019 | 2014-12-18 |
| Red Hat JBoss BPMS 6.0 | RHSA-2015:0234 | 2015-02-17 |
| Red Hat JBoss BPMS 6.0 | RHSA-2014:1892 | 2014-11-24 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (apache-cxf) | RHSA-2014:1834 | 2014-11-10 |
| Red Hat JBoss Data Virtualization 6.0 | RHSA-2015:0765 | 2015-03-31 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (httpcomponents-eap6) | RHSA-2014:1162 | 2014-09-04 |
| Red Hat JBoss Operations Network 3.3 | RHSA-2014:1904 | 2014-11-25 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jakarta-commons-httpclient) | RHSA-2014:1321 | 2014-09-29 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server | RHSA-2014:2019 | 2014-12-18 |
| Red Hat JBoss Enterprise Application Platform 6.3 | RHSA-2014:2020 | 2014-12-18 |
| Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2014:1836 | 2014-11-10 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (jakarta-commons-httpclient) | RHSA-2014:1321 | 2014-09-29 |
| Red Hat JBoss Web Platform 5 for RHEL 6 Server (jakarta-commons-httpclient) | RHSA-2014:1320 | 2014-09-29 |
| Red Hat JBoss BRMS 6.0 | RHSA-2014:1891 | 2014-11-24 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (httpcomponents-eap6) | RHSA-2014:1162 | 2014-09-04 |
| Red Hat JBoss Portal 6.2 | RHSA-2015:1009 | 2015-05-14 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (apache-cxf) | RHSA-2014:1834 | 2014-11-10 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jakarta-commons-httpclient) | RHSA-2014:1321 | 2014-09-29 |
| Red Hat JBoss Web Platform 5 for RHEL 5 Server (jakarta-commons-httpclient) | RHSA-2014:1320 | 2014-09-29 |
| Red Hat JBoss Data Virtualization 6.1 | RHSA-2015:0675 | 2015-03-11 |
| RHEV Manager 3 (org.ovirt.engine-root) | RHSA-2015:0158 | 2015-02-11 |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server (httpcomponents-eap6) | RHSA-2014:1162 | 2014-09-04 |
| Red Hat JBoss BRMS 6.0 | RHSA-2015:0235 | 2015-02-17 |
| Red Hat JBoss Web Platform 5 for RHEL 6 Server (apache-cxf) | RHSA-2014:1833 | 2014-11-10 |
| Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Server (devtoolset-2-httpcomponents-client) | RHSA-2014:1098 | 2014-08-26 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (apache-cxf) | RHSA-2014:1834 | 2014-11-10 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS (apache-cxf) | RHSA-2014:1833 | 2014-11-10 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS (jakarta-commons-httpclient) | RHSA-2014:1320 | 2014-09-29 |
| Red Hat JBoss Web Platform 5.2 | RHSA-2014:1835 | 2014-11-10 |
| Red Hat JBoss BRMS 6.0 | RHSA-2015:0850 | 2015-04-16 |
| Red Hat JBoss Web Framework Kit 2.7 | RHSA-2015:0125 | 2015-02-04 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | maven30-jakarta-commons-httpclient | Not affected |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | maven30-httpcomponents-client | Not affected |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux | thermostat1-httpcomponents-client | Not affected |
| Red Hat Satellite 6 | httpcomponents-client | Affected |
| Red Hat Satellite 5 | jakarta-commons-httpclient | Affected |
| Red Hat OpenShift Enterprise 2 | wagon-http | Not affected |
| Red Hat OpenShift Enterprise 2 | jakarta-commons-httpclient | Affected |
| Red Hat OpenShift Enterprise 2 | httpclient | Not affected |
| Red Hat OpenShift Enterprise 1 | wagon-http | Not affected |
| Red Hat OpenShift Enterprise 1 | jakarta-commons-httpclient | Will not fix |
| Red Hat JBoss Portal 5 | httpclient | Affected |
| Red Hat JBoss Portal 5 | jakarta-commons-httpclient | Affected |
| Red Hat JBoss Enterprise SOA Platform 4.3 | jakarta-commons-httpclient | Will not fix |
| Red Hat JBoss EWS 1 | jakarta-commons-httpclient | Will not fix |
| Red Hat JBoss EAP 4 | jakarta-commons-httpclient | Will not fix |
| Red Hat JBoss Data Grid 6 | httpclient | Affected |
| Red Hat JBoss Data Grid 6 | cxf | Affected |
| Red Hat JBoss BRMS 5 | jakarta-commons-httpclient | Will not fix |
| Red Hat JBoss BRMS 5 | httpclient | Will not fix |
| Red Hat JBoss BRMS 5 | cxf | Affected |
| Red Hat JBoss BRMS 5 | modeshape-client | Will not fix |
| Red Hat Gluster Storage 3.0 | rhevm-dependencies | Will not fix |
| Red Hat Gluster Storage 2.1 | rhevm-dependencies | Will not fix |
| Red Hat Enterprise Linux 7 | jakarta-commons-httpclient | Not affected |
| Red Hat Enterprise Linux 7 | httpcomponents-client | Not affected |
| Red Hat Enterprise Linux 6 | jakarta-commons-httpclient | Not affected |
| Red Hat Enterprise Linux 5 | jakarta-commons-httpclient | Not affected |
| RHEV Manager 3 | jasperreports-server-pro | Affected |
| RHEV Manager 3 | rhevm-dependencies | Affected |
| RHEV Manager 3 | redhat-support-plugin-rhev | Affected |
