‫ Red Hat update for Red Hat JBoss Web Framework Kit

ID: IRCAD2015033837
Release Date: 2015-03-25
Criticality level: Highly critical
Software:
Red Hat JBoss Web Framework Kit 2.x
Description:
Red Hat has issued an update for Red Hat JBoss Web Framework Kit. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via the "do" parameter is not properly sanitised before being used in RichFaces, which can be exploited to inject expression language (EL) and subsequently execute arbitrary Java code.
Solution
Apply patch.
References:
RHSA-2015:0719-1:
Takeshi Terada:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 6 اردیبهشت 1394

امتیاز

امتیاز شما
تعداد امتیازها:0