Bug 692584 - (CVE-2011-1483) CVE-2011-1483 JBossWS remote Denial of Service
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Priority: high
Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,source=redhat,public...
Keywords: Security
Depends On: 725919
Blocks: 735463
Reported: 2011-03-31 11:46 EDT by Marc Schoenefeld
Modified: 2011-11-10 20:09 EST
Doc Type: Bug Fix
Last Closed: 2011-09-19 01:51:10 EDT
External Trackers
| Tracker | ID | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|
| JBoss Issue Tracker | JBEPP-1352 | Blocker | Closed | A security issue has been identified in jbossws-native that impacts EPP, BZ#692584 (EPP5) | 2018-03-15 17:54 EDT |
| Red Hat Product Errata | RHSA-2011:1301 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 13:52:35 EDT |
| Red Hat Product Errata | RHSA-2011:1302 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 13:52:25 EDT |
| Red Hat Product Errata | RHSA-2011:1303 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 13:52:14 EDT |
| Red Hat Product Errata | RHSA-2011:1304 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 13:52:04 EDT |
| Red Hat Product Errata | RHSA-2011:1305 | normal | SHIPPED_LIVE | Important: jbossws security update | 2011-09-15 14:26:43 EDT |
| Red Hat Product Errata | RHSA-2011:1306 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 14:06:18 EDT |
| Red Hat Product Errata | RHSA-2011:1307 | normal | SHIPPED_LIVE | Important: jbossws security update | 2011-09-15 14:26:33 EDT |
| Red Hat Product Errata | RHSA-2011:1308 | normal | SHIPPED_LIVE | Important: JBoss Communications Platform 1.2.11 and 5.1.1 security update | 2011-09-15 14:36:56 EDT |
| Red Hat Product Errata | RHSA-2011:1309 | normal | SHIPPED_LIVE | Important: jbossas security update | 2011-09-15 14:57:54 EDT |
| Red Hat Product Errata | RHSA-2011:1310 | normal | SHIPPED_LIVE | Important: jbossws security update | 2011-09-15 14:47:26 EDT |
| Red Hat Product Errata | RHSA-2011:1311 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 14:47:16 EDT |
| Red Hat Product Errata | RHSA-2011:1312 | normal | SHIPPED_LIVE | Important: jbossws-common security update | 2011-09-15 15:18:24 EDT |
| Red Hat Product Errata | RHSA-2011:1313 | normal | SHIPPED_LIVE | Important: JBoss Enterprise BRMS Platform 5.1.0 security update | 2011-09-15 15:49:36 EDT |

Comment 2 Marc Schoenefeld 2011-04-01 11:21:08 EDT
JBossWS native does not properly protect against recursive entity resolution with embedded DTDs. A remote attacker could cause a Denial-Of-Service by CPU resource exhaustion with a carefully crafted POST request to a deployed web service.
Comment 6 errata-xmlrpc 2011-09-15 13:52:09 EDT
This issue has been addressed in following products:

    JBoss Enterprise Web Platform 5.1.1

Via RHSA-2011:1304 https://rhn.redhat.com/errata/RHSA-2011-1304.html
Comment 7 errata-xmlrpc 2011-09-15 13:52:19 EDT
This issue has been addressed in following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6

Via RHSA-2011:1303 https://rhn.redhat.com/errata/RHSA-2011-1303.html
Comment 8 errata-xmlrpc 2011-09-15 13:52:30 EDT
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 5.1.1

Via RHSA-2011:1302 https://rhn.redhat.com/errata/RHSA-2011-1302.html
Comment 9 errata-xmlrpc 2011-09-15 13:52:40 EDT
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 6

Via RHSA-2011:1301 https://rhn.redhat.com/errata/RHSA-2011-1301.html
Comment 10 errata-xmlrpc 2011-09-15 14:06:22 EDT
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5

Via RHSA-2011:1306 https://rhn.redhat.com/errata/RHSA-2011-1306.html
Comment 11 errata-xmlrpc 2011-09-15 14:26:38 EDT
This issue has been addressed in following products:

    JBoss Enterprise Portal Platform 4.3.CP06

Via RHSA-2011:1307 https://rhn.redhat.com/errata/RHSA-2011-1307.html
Comment 12 errata-xmlrpc 2011-09-15 14:26:48 EDT
This issue has been addressed in following products:

    JBoss Enterprise SOA Platform 4.2.CP05
    JBoss Enterprise SOA Platform 4.3.CP05
    JBoss Enterprise SOA Platform 5.1.0

Via RHSA-2011:1305 https://rhn.redhat.com/errata/RHSA-2011-1305.html
Comment 13 errata-xmlrpc 2011-09-15 14:37:01 EDT
This issue has been addressed in following products:

    JBoss Communications Platform 1.2.11
    JBoss Communications Platform 5.1.1

Via RHSA-2011:1308 https://rhn.redhat.com/errata/RHSA-2011-1308.html
Comment 14 errata-xmlrpc 2011-09-15 14:47:21 EDT
This issue has been addressed in following products:

    JBoss Enterprise Portal Platform 5.1.1

Via RHSA-2011:1311 https://rhn.redhat.com/errata/RHSA-2011-1311.html
Comment 15 errata-xmlrpc 2011-09-15 14:47:31 EDT
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 4.2.0.CP09

Via RHSA-2011:1310 https://rhn.redhat.com/errata/RHSA-2011-1310.html
Comment 16 errata-xmlrpc 2011-09-15 14:58:02 EDT
This issue has been addressed in following products:

  JBEAP 4.2.0 for RHEL 4
  JBEAP 4.2.0 for RHEL 5

Via RHSA-2011:1309 https://rhn.redhat.com/errata/RHSA-2011-1309.html
Comment 17 errata-xmlrpc 2011-09-15 15:18:28 EDT
This issue has been addressed in following products:

    JBoss Enterprise Application Platform 4.3

Via RHSA-2011:1312 https://rhn.redhat.com/errata/RHSA-2011-1312.html
Comment 18 errata-xmlrpc 2011-09-15 15:49:41 EDT
This issue has been addressed in following products:

    JBoss Enterprise BRMS Platform 5.1.0

Via RHSA-2011:1313 https://rhn.redhat.com/errata/RHSA-2011-1313.html
