Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
2. Fixed Security-Related Issues
The following CVEs and security issues have been addressed in JBoss Operations Network 3.0.1.
2.1. Improper System Permissions for the JBoss ON CLI Directory: CVE-2012-0032
링크 복사링크가 클립보드에 복사되었습니다!
After extracting the
rhq-remoting-cli-version.zip package, the JBoss ON CLI root directory had global read, write, and execute permissions. Any child directories and scripts old be accessed and modified by any local user. A local attacker could use these permissions to steal JBoss ON user credentials or to run arbitrary code.
2.2. Improper Handling of LDAP Authentication Failures: Bugzilla 750521/CVE-2012-1100
링크 복사링크가 클립보드에 복사되었습니다!
If a user authenticating to JBoss ON through LDAP gave invalid credentials, they could still be logged into the JBoss ON UI as long as the user account had successfully logged in using LDAP credentials before.
A remote attacker could use this flaw to gain access to the JBoss ON server using an LDAP account without supplying a password.
2.3. CPU Usage Spikes in Tomcat as Part of DoS Attack: Bugzilla 750521/CVE-2011-4858
링크 복사링크가 클립보드에 복사되었습니다!
In some circumstances, Tomcat could allow a denial of service attack if an attacker triggered predictable collisions in the hashing algorithms used by Java, Python, PHP, and other languages in POST statements. The collisions would cause CPU usage to spike to 100% and effectively cause a denial of service.
The version of JBossWeb used by the JBoss ON server has been upgraded to include fixes for CVE-2011-4858.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}