RHSA-2013:1853: Moderate: Red Hat JBoss Operations Network 3.2.0 update

Published Dec 17, 2013

Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.

This JBoss Operations Network 3.2.0 release serves as a replacement for JBoss Operations Network 3.1.2, and includes several bug fixes. Refer to the JBoss Operations Network 3.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/site/documentation/

The following security issues are also fixed with this release:

It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery (CSRF) prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. (CVE-2012-4431)

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5783)

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)

Warning: Before applying the update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on).

All users of JBoss Operations Network 3.1.2 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Operations Network 3.2.0.
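The CVE-2013-2172 description above turns on which canonicalization algorithm a signature is allowed to name for SignedInfo. The following is an added example, not code from Red Hat or Apache Santuario: a check run before signature verification that rejects any SignedInfo whose CanonicalizationMethod is outside an allow-list. The function names, the allow-list contents and the sample documents are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Allow-list assumed for this example: the W3C-defined canonicalization URIs.
ALLOWED_C14N = frozenset({
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
})


def check_signedinfo_c14n(xml_text):
    """Pre-verification gate: return (ok, reason). It verifies no signature itself."""
    # ElementTree keeps the example self-contained; use a hardened parser
    # for untrusted input in a real deployment.
    root = ET.fromstring(xml_text)
    signatures = list(root.iter(f"{{{DS}}}Signature"))
    if not signatures:
        return False, "no ds:Signature element"
    for sig in signatures:
        signed_info = sig.find(f"{{{DS}}}SignedInfo")
        if signed_info is None:
            return False, "Signature without SignedInfo"
        methods = signed_info.findall(f"{{{DS}}}CanonicalizationMethod")
        if len(methods) != 1:
            return False, "expected exactly one CanonicalizationMethod"
        algorithm = methods[0].get("Algorithm")
        if algorithm not in ALLOWED_C14N:
            return False, f"canonicalization algorithm not allowed: {algorithm!r}"
    return True, "ok"


def sample_doc(algorithm):
    # Constructed, unsigned skeleton: only the fields this check reads are present.
    return (f'<doc><ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
            f'<ds:CanonicalizationMethod Algorithm="{algorithm}"/>'
            f'</ds:SignedInfo></ds:Signature></doc>')


if __name__ == "__main__":
    print(check_signedinfo_c14n(sample_doc("http://www.w3.org/2001/10/xml-exc-c14n#")))
    print(check_signedinfo_c14n(sample_doc("urn:example:not-a-c14n-algorithm")))
```

A gate like this complements the upgrade to 3.2.0 rather than replacing it; it is useful as a logging or pre-filter step where signed XML crosses a trust boundary.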

Affected Software

1 affected component
Red Hat JBoss Operations Network

Remediation

Event History

Dec 17, 2013
Advisory Published: 12:00 AM
Data Sourced: 12:00 AM

Frequently Asked Questions

1. What is the severity of RHSA-2013:1853?

The severity of RHSA-2013:1853 is classified as moderate.

2. How do I fix RHSA-2013:1853?

To fix RHSA-2013:1853, apply the updated packages provided by Red Hat for JBoss Operations Network.

3. What systems are affected by RHSA-2013:1853?

RHSA-2013:1853 affects Red Hat JBoss Operations Network versions prior to the specified update.

4. What vulnerabilities are addressed in RHSA-2013:1853?

RHSA-2013:1853 addresses issues related to stability and security in JBoss Operations Network.

5. Is there a workaround for RHSA-2013:1853?

There are no known workarounds for RHSA-2013:1853; updating is the recommended approach.
