RHSA-2014:0216: Important: XStream security update
XStream is a simple library to serialize and de-serialize objects to andfrom XML.It was found that XStream could deserialize arbitrary user-supplied XMLcontent, representing objects of any type. A remote attacker able to passXML to XStream could use this flaw to perform a variety of attacks,including remote code execution in the context of the server running theXStream application. (CVE-2013-7285)All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from theRed Hat Customer Portal are advised to apply this update.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2014:0216?
The severity of RHSA-2014:0216 is classified as important.
How do I fix RHSA-2014:0216?
To fix RHSA-2014:0216, update Red Hat JBoss Fuse Service Works to the patched version provided by Red Hat.
What systems are affected by RHSA-2014:0216?
RHSA-2014:0216 affects Red Hat JBoss Fuse Service Works.
What type of vulnerability is RHSA-2014:0216?
RHSA-2014:0216 is a vulnerability related to the deserialization of arbitrary user-supplied XML content.
Who can exploit RHSA-2014:0216?
A remote attacker who is able to pass XML to XStream can exploit the vulnerability RHSA-2014:0216.