SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Web Server/CGI)  >   Red Hat JBoss Vendors:   Red Hat
(Red Hat Issues Fix) Red Hat JBoss EAP RichFaces Access Control Bug Lets Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1042042
SecurityTracker URL:  http://securitytracker.com/id/1042042
CVE Reference:   CVE-2018-14667   (Links to External Site)
Date:  Nov 7 2018
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Red Hat JBoss. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted UserResource RichFaces expression language that contains a tainted java serialized object org.ajax4jsf.resource.UserResource$UriData expression that will trigger deserialization after clearing white list protections. As a result, arbitrary code may be executed on the target system.

Joao Filho Matos Figueiredo reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   Red Hat has issued a fix for SOA Platform 5.3.1.

The Red Hat advisory is available at:

https://access.redhat.com/errata/RHSA-2018:3519

Vendor URL:  access.redhat.com/errata/RHSA-2018:3519 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 6 2018 Red Hat JBoss EAP RichFaces Access Control Bug Lets Remote Users Execute Arbitrary Code on the Target System



 Source Message Contents

Subject:  [RHSA-2018:3519-01] Critical: Red Hat JBoss SOA Platform security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat JBoss SOA Platform security update
Advisory ID:       RHSA-2018:3519-01
Product:           Red Hat JBoss SOA Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3519
Issue date:        2018-11-07
CVE Names:         CVE-2018-14667 
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss SOA Platform 5.3.1.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat JBoss SOA Platform is the next-generation ESB and business process
automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage
existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and
CEP) integration methodologies to dramatically improve business process
execution speed and quality.

This asynchronous patch is a security update for the RichFaces package in
Red Hat JBoss SOA Platform 5.3.1.

Security Fix(es):

* RichFaces: Expression Language injection via UserResource allows for
unauthenticated remote code execution (CVE-2018-14667)

See https://access.redhat.com/solutions/3660371 for specific information
regarding this flaw.

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Joao Filho Matos Figueiredo for reporting this
issue.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss SOA Platform installation (including its databases,
applications, configuration files, and so on).

Note that it is recommended to halt the Red Hat JBoss SOA Platform server
by stopping the JBoss Application Server process before installing this
update, and then after installing the update, restart the Red Hat JBoss SOA
Platform server by starting the JBoss Application Server process.

4. Bugs fixed (https://bugzilla.redhat.com/):

1639139 - CVE-2018-14667 RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution

5. References:

https://access.redhat.com/security/cve/CVE-2018-14667
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/solutions/3660371
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW+JE0NzjgjWX9erEAQgAjw/+ON6OJ8Z2R4hSyoeeYQEpOJLnKwTlzksw
IBcUaQxv7WPHXtCBMqWOvXCEqLLG8YrIDMCtsJzcOYfDMuL8ecIBSw9of0cheiVl
G/duIEz9cWAqrSFGgIsYYjYUtFolU4pOgwZp71jZyzZknjT4dQi3cIHVBs9OMHLK
Tp7fjz5j5H5KIIQjM9ANusp1segZcaf7ueX0UNHLUvHF1UhSrv09sCFGHs8iXPaT
ZVKVcqUm60Iao6SHl0rc7LhZCjOEMB9E3bsNvPYFZxTErzMhCvbURTd32MkNCfqu
lyukeJoigkD/b1Te7Z0D1q+zGk+ek+UNG+E2RM7MtuR6WblOsQ14D3xz3Lm2xld8
afhwohGNm9is7BHpMfhoRxgQkT87a2Vco3912kM9foSQ3GwHIZ28GabVndtz58f/
5YIbVDLoFLT0MppP3EBXXC/yLMqXVpveo8F6XdeGH7+/b2zJ94eOOZ26SmeBnXSF
gVXNW0zqlo387AodqVVNrpkLqPpDyw4TXiiUOe0DGUV1MLNPccKlaQONZMheCj8A
qaNyW20dLmIXkBMcIop2LDc6D9ui8KnDHRlvk1cLtDqxG40i75yId8fif3hsA0Qc
mB9iMBwKWr5Hxbzqu3qOOV1wI3icccTefQlePJiQMJ89RGv6CbRExvHpHZlBbFtu
IXr4lPhyIHk=
=xDUD
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC