Red Hat update for Red Hat JBoss Web Framework Kit

ID: IRCAD2015033837
Release Date: 2015-03-25
Criticality level: Highly critical
Software:
Red Hat JBoss Web Framework Kit 2.x
Description:
Red Hat has issued an update for Red Hat JBoss Web Framework Kit. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via the "do" parameter is not properly sanitised before being used in RichFaces, which can be exploited to inject expression language (EL) and subsequently execute arbitrary Java code.
Solution:
Apply patch.
References:
RHSA-2015:0719-1:
Takeshi Terada:
Secunia:
 
