Bug 1051279 (CVE-2013-6469)
Summary: | CVE-2013-6469 RTgov: Remote Java Code Execution in MVEL | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pavel Polischouk <pavelp> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-04-09 13:17:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1005275 | ||
Bug Blocks: | 1061967 |
Description
Pavel Polischouk
2014-01-10 00:40:58 UTC
Statement: This issue does not affect RTgov as shipped with Red Hat JBoss Fuse Service Works 6. It may affect earlier versions of the upstream JBoss Overlord RTGov project. In Red Hat JBoss Fuse Service Works 6, this flaw is mitigated by configuration options that either remove the vulnerable interface, or constrain it using a Java Security Manager policy. These options are documented in the Installation and Security Guides for the product. |