Vulnerabilities > CVE-2013-4112 - Information Exposure vulnerability in multiple products

047910
CVSS 5.4 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
jgroups
redhat
CWE-200
nessus
NVD
Published: 2013-09-28
Updated: 2014-03-08

Summary

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

Vulnerable Configurations

Part Description Count
Application
Jgroups
28
Application
Redhat
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1209.NASL
    descriptionThe version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks. (CVE-2012-3499) - Flaws in the web interface of the mod_proxy_balancer module can allow a remote attacker to perform XSS attacks. (CVE-2012-4558) - A flaw in mod_rewrite can allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - A flaw in the method by which the mod_dav module handles merge requests can allow an attacker to create a denial of service by sending a crafted merge request that contains URIs that are not configured for DAV. (CVE-2013-1896) - A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file. (CVE-2013-1921) - A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172) - A flaw in JGroup
    last seen2020-06-01
    modified2020-06-02
    plugin id72238
    published2014-01-31
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72238
    titleJBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72238);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/24 15:35:37");

  script_cve_id(
    "CVE-2012-3499",
    "CVE-2012-4558",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-1921",
    "CVE-2013-2172",
    "CVE-2013-4112"
  );
  script_bugtraq_id(58165, 59826, 60846, 61129, 61179, 62256);
  script_xref(name:"RHSA", value:"2013:1209");

  script_name(english:"JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)");
  script_summary(english:"Checks for the install versions of JBoss Enterprise Application Platform");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of JBoss Enterprise Application Platform installed on the
remote system is affected by the following issues :

  - Flaws in the mod_info, mod_status, mod_imagemap,
    mod_ldap, and mod_proxy_ftp modules can allow an
    attacker to perform cross-site scripting (XSS) attacks.
    (CVE-2012-3499)

  - Flaws in the web interface of the mod_proxy_balancer
    module can allow a remote attacker to perform XSS
    attacks. (CVE-2012-4558)

  - A flaw in mod_rewrite can allow remote attackers to
    execute arbitrary commands via an HTTP request
    containing an escape sequence for a terminal emulator.
    (CVE-2013-1862)

  - A flaw in the method by which the mod_dav module
    handles merge requests can allow an attacker to create
    a denial of service by sending a crafted merge request
    that contains URIs that are not configured for DAV.
    (CVE-2013-1896)

  - A flaw in PicketBox can allow local users to obtain the
    admin encryption key by reading the Vault data file.
    (CVE-2013-1921)

  - A flaw in Apache Santuario XML Security can allow
    context-dependent attackers to spoof an XML Signature
    by using the CanonicalizationMethod parameter to
    specify an arbitrary weak algorithm. (CVE-2013-2172)

  - A flaw in JGroup's DiagnosticsHandler can allow remote
    attackers to obtain sensitive information and execute
    arbitrary code by re-using valid credentials.
    (CVE-2013-4112)");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-3499.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4558.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1862.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1896.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1921.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2172.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4112.html");

  script_set_attribute(attribute:"solution", value:
"Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to
6.1.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl", "jboss_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# We are only interested in Red Hat systems
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

info = "";
jboss = 0;
installs = get_kb_list_or_exit("Host/JBoss/EAP");
if(!isnull(installs)) jboss = 1;

foreach install (make_list(installs))
{
  match = eregmatch(string:install, pattern:"([^:]+):(.*)");

  if (!isnull(match))
  {
    ver = match[1];
    path = match[2];

    if (ver =~ "^6.1.0([^0-9]|$)")
    {
      info += '\n' + '  Path    : ' + path+ '\n';
      info += '  Version : ' + ver + '\n';
    }
  }
}

# Report what we found.
if (info)
{
  set_kb_item(name: 'www/0/XSS', value: TRUE);

  if (report_verbosity > 0)
  {
    if (max_index(split(info)) > 3) s = 's of the JBoss Enterprise Application Platform are';
    else s = ' of the JBoss Enterprise Application Platform is';

    report =
      '\n' +
      'The following instance'+s+' out of date and\nshould be upgraded to 6.1.1 or later :\n' +
      info;

    security_warning(port:0, extra:report);
  }
  else security_warning(port:0);
}
else if ( (!info) && (jboss) )
{
  exit(0, "The JBoss Enterprise Application Platform version installed is not affected.");
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1437.NASL
    descriptionThe version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues: - A flaw in CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. (CVE-2012-4431) - A flaw that occurs when the COOKIE session tracking method is used can allow attackers to hijack users
    last seen2020-06-01
    modified2020-06-02
    plugin id72237
    published2014-01-31
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72237
    titleJBoss Portal 6.1.0 Update (RHSA-2013:1437)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72237);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/24 15:35:37");

  script_cve_id(
    "CVE-2012-4431",
    "CVE-2012-4529",
    "CVE-2012-4572",
    "CVE-2012-5575",
    "CVE-2013-1921",
    "CVE-2013-2067",
    "CVE-2013-2102",
    "CVE-2013-2160",
    "CVE-2013-2172",
    "CVE-2013-4112",
    "CVE-2013-4128",
    "CVE-2013-4213"
  );
  script_bugtraq_id(
    56814,
    59799,
    60040,
    60043,
    60045,
    60846,
    61030,
    61179,
    61739,
    61742,
    62256,
    63196
  );
  script_xref(name:"RHSA", value:"2013:1437");

  script_name(english:"JBoss Portal 6.1.0 Update (RHSA-2013:1437)");
  script_summary(english:"Checks for the install versions of JBoss Portal");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of JBoss Enterprise Portal Platform on the remote system is
affected by the following issues:

  - A flaw in CSRF prevention filter in JBoss Web could allow
    remote attackers to bypass the cross-site request forgery
    (CSRF) protection mechanism via a request that lacks a
    session identifier. (CVE-2012-4431)

  - A flaw that occurs when the COOKIE session tracking
    method is used can allow attackers to hijack users'
    sessions. (CVE-2012-4529)

  - A flaw that occurs when multiple applications use the
    same custom authorization module class name can allow a
    local attacker to deploy a malicious application that
    overrides the custom authorization modules provided by
    other applications. (CVE-2012-4572)

  - The framework does not verify that a specified
    cryptographic algorithm is allowed by the
    WS-SecurityPolicy AlgorithmSuite definition before
    decrypting.  This can allow remote attackers to force
    the system to use weaker cryptographic algorithms than
    intended and makes it easier to decrypt communications.
    (CVE-2012-5575)

  - A flaw in PicketBox can allow local users to obtain the
    admin encryption key by reading the Vault data file.
    (CVE-2013-1921)

  - A session fixation flaw was found in the
    FormAuthenticator module. (CVE-2013-2067)

  - A flaw that occurs when a JGroups channel was started
    results in the JGroups diagnostics service being enabled
    by default with no authentication via IP multicast. A
    remote attacker can make use of this flaw to read
    diagnostics information. (CVE-2013-2102)

  - A flaw in the StAX parser implementation can allow
    remote attackers to cause a denial of service via
    crafted XML. (CVE-2013-2160)

  - A flaw in Apache Santuario XML Security can allow
    context-dependent attackers to spoof an XML Signature
    by using the CanonicalizationMethod parameter to
    specify an arbitrary weak algorithm. (CVE-2013-2172)

  - A flaw in JGroup's DiagnosticsHandler can allow remote
    attackers to obtain sensitive information and execute
    arbitrary code by re-using valid credentials.
    (CVE-2013-4112)

  - A flaw in the manner in which authenticated connections
    were cached on the server by remote-naming can allow
    remote attackers to hijack sessions by using a remoting
    client. (CVE-2013-4128)

  - A flaw in the manner in which connections for EJB
    invocations were cached on the server can allow remote
    attackers to hijack sessions by using an EJB client.
    (CVE-2013-4213)");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=868202");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=872059");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=880443");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=883636");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=929197");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=948106");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=961779");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=963984");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=983489");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=984795");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=985359");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=999263");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4431.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4529.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4572.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-5575.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1921.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2067.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2102.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2160.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2172.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4112.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4128.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4213.html");

  script_set_attribute(attribute:"solution", value:
"Upgrade the installed JBoss Portal 6.0.0 to 6.1.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl", "jboss_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# We are only interested in Red Hat systems
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

info = "";
jboss = 0;
installs = get_kb_list_or_exit("Host/JBoss/Portal Platform");
if(!isnull(installs)) jboss = 1;

foreach install (make_list(installs))
{
  match = eregmatch(string:install, pattern:"([^:]+):(.*)");

  if (!isnull(match))
  {
    ver = match[1];
    path = match[2];

    if (ver =~ "^6.0.0([^0-9]|$)")
    {
      info += '\n' + '  Path    : ' + path+ '\n';
      info += '  Version : ' + ver + '\n';
    }
  }
}

# Report what we found.
if (info)
{
  set_kb_item(name:"www/0/XSRF", value:TRUE);
  if (report_verbosity > 0)
  {
    if (max_index(split(info)) > 3) s = 's of JBoss Enterprise Portal Platform are';
    else s = ' of JBoss Enterprise Portal Platform is';

    report =
      '\n' +
      'The following instance'+s+' out of date and\nshould be upgraded to 6.1.0 or later :\n' +
      info;

    security_hole(port:0, extra:report);
  }
  else security_hole(port:0);
}
else if ( (!info) && (jboss) )
{
  exit(0, "The JBoss Enterprise Portal Platform version installed is not affected.");
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1207.NASL
    descriptionRed Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id69882
    published2013-09-13
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69882
    titleRHEL 5 : JBoss EAP (RHSA-2013:1207)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1207. The text
# itself is copyright (C) Red Hat, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(69882);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/24 15:35:37");

  script_cve_id(
    "CVE-2012-3499",
    "CVE-2012-4558",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-1921",
    "CVE-2013-2172",
    "CVE-2013-4112"
  );
  script_bugtraq_id(58165, 59826, 60846, 61129, 61179, 62256);
  script_xref(name:"RHSA", value:"2013:1207");

  script_name(english:"RHEL 5 : JBoss EAP (RHSA-2013:1207)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes
multiple security issues, various bugs, and adds enhancements, is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.1.0, and includes bug fixes and enhancements.
Refer to the 6.1.1 Release Notes for information on the most
significant of these changes, available shortly from
https://access.redhat.com/site/documentation/

Security fixes :

Cross-site scripting (XSS) flaws were found in the mod_info,
mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they
were able to make the victim's browser generate an HTTP request with a
specially crafted Host header. (CVE-2012-3499)

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a
user, who was logged into the manager web interface, into visiting a
specially crafted URL, it would lead to arbitrary web script execution
in the context of the user's manager interface session.
(CVE-2012-4558)

A flaw was found in the way the mod_dav module handled merge requests.
An attacker could use this flaw to send a crafted merge request that
contains URIs that are not configured for DAV, causing the httpd child
process to crash. (CVE-2013-1896)

A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof
an XML signature via a specially crafted XML signature block.
(CVE-2013-2172)

It was found that mod_rewrite did not filter terminal escape sequences
from its log file. If mod_rewrite was configured with the RewriteLog
directive, a remote attacker could use specially crafted HTTP requests
to inject terminal escape sequences into the mod_rewrite log file. If
a victim viewed the log file with a terminal emulator, it could result
in arbitrary command execution with the privileges of that user.
(CVE-2013-1862)

The data file used by PicketBox Vault to store encrypted passwords
contains a copy of its own admin key. The file is encrypted using only
this admin key, not the corresponding JKS key. A local attacker with
permission to read the vault data file could read the admin key from
the file, and use it to decrypt the file and read the stored passwords
in clear text. (CVE-2013-1921)

A flaw was found in JGroup's DiagnosticsHandler that allowed an
attacker on an adjacent network to reuse the credentials from a
previous successful authentication. This could be exploited to read
diagnostic information (information disclosure) and attain limited
remote code execution. (CVE-2013-4112)

Warning: Before applying this update, back up your existing Red Hat
JBoss Enterprise Application Platform installation and deployed
applications. Refer to the Solution section for further details.

All users of Red Hat JBoss Enterprise Application Platform 6.1.0 on
Red Hat Enterprise Linux 5 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2012-3499.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2012-4558.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1862.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1896.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1921.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-2172.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-4112.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/site/documentation/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2013-1207.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-cxf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-cxf-xjc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cxf-xjc-boolean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cxf-xjc-dv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cxf-xjc-ts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jaxbintros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-aesh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-security");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-version");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-web");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-hal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-invocation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-jsp-api_2.2_spec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-marshalling");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remote-naming");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-stdio");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-domain");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-cxf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-spi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jcip-annotations-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jgroups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:log4j-jboss-logmanager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netty");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:opensaml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketlink-federation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wss4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xml-security");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (!rpm_exists(rpm:"jboss-as-server", release:"RHEL5"))  exit(0, "Red Hat JBoss EAP is not installed.");

flag = 0;
if (rpm_check(release:"RHEL5", reference:"apache-commons-beanutils-1.8.3-12.redhat_3.2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"apache-cxf-2.6.8-8.redhat_7.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"apache-cxf-xjc-utils-2.6.0-2.redhat_4.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"cxf-xjc-boolean-2.6.0-2.redhat_4.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"cxf-xjc-dv-2.6.0-2.redhat_4.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"cxf-xjc-ts-2.6.0-2.redhat_4.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"hibernate4-4.2.0-11.SP1_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"hibernate4-core-4.2.0-11.SP1_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"hibernate4-entitymanager-4.2.0-11.SP1_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"hibernate4-envers-4.2.0-11.SP1_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"hibernate4-infinispan-4.2.0-11.SP1_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"hornetq-2.3.5-2.Final_redhat_2.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"hornetq-native-2.3.5-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"hornetq-native-2.3.5-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-devel-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-devel-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-tools-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-tools-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"infinispan-5.2.7-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"infinispan-cachestore-jdbc-5.2.7-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"infinispan-cachestore-remote-5.2.7-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"infinispan-client-hotrod-5.2.7-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"infinispan-core-5.2.7-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-common-api-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-common-impl-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-common-spi-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-core-api-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-core-impl-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-deployers-common-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-jdbc-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-spec-api-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"ironjacamar-validator-1.0.19-1.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jaxbintros-1.0.2-16.GA_redhat_6.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-aesh-0.33.7-2.redhat_2.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-appclient-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-cli-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-client-all-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-clustering-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-cmp-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-connector-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-console-1.5.6-2.Final_redhat_2.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-controller-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-controller-client-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-deployment-repository-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-deployment-scanner-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-domain-http-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-domain-management-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-ee-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-ee-deployment-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-ejb3-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-embedded-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-host-controller-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jacorb-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jaxr-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jaxrs-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jdr-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jmx-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jpa-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jsf-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-jsr77-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-logging-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-mail-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-management-client-content-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-messaging-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-modcluster-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-naming-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-network-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-osgi-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-osgi-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-osgi-service-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-platform-mbean-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-pojo-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-process-controller-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-protocol-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-remoting-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-sar-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-security-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-system-jmx-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-threads-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-transactions-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-version-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-web-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-webservices-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-weld-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-as-xts-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-ejb-client-1.0.23-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-hal-1.5.7-1.Final_redhat_1.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-invocation-1.1.2-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-jsp-api_2.2_spec-1.0.1-6.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-logmanager-1.4.3-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-marshalling-1.3.18-2.GA_redhat_1.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-modules-1.2.2-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-remote-naming-1.0.7-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-security-negotiation-2.2.5-2.Final_redhat_2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jboss-stdio-1.0.2-1.GA_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-appclient-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-bundles-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-core-7.2.1-6.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-domain-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-javadocs-7.2.1-2.Final_redhat_10.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-modules-eap-7.2.1-9.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-product-eap-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-standalone-7.2.1-6.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossas-welcome-content-eap-7.2.1-5.Final_redhat_10.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossts-4.17.7-4.Final_redhat_4.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossweb-7.2.2-1.Final_redhat_1.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossws-common-2.1.3-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossws-cxf-4.1.4-7.Final_redhat_7.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jbossws-spi-2.1.3-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jcip-annotations-eap6-1.0-4.redhat_4.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"jgroups-3.2.10-1.Final_redhat_2.2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"log4j-jboss-logmanager-1.0.2-1.Final_redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mod_ssl-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mod_ssl-2.2.22-25.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"netty-3.6.6-3.Final_redhat_1.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"opensaml-2.5.1-2.redhat_2.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"openws-1.4.2-10.redhat_4.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"picketbox-4.0.17-3.SP2_redhat_2.1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"picketlink-federation-2.1.6.3-2.Final_redhat_2.2.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"wss4j-1.6.10-1.redhat_1.ep6.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"xml-security-1.5.5-1.redhat_1.ep6.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1208.NASL
    descriptionRed Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id69883
    published2013-09-13
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69883
    titleRHEL 6 : JBoss EAP (RHSA-2013:1208)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1208. The text
# itself is copyright (C) Red Hat, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(69883);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/24 15:35:37");

  script_cve_id(
    "CVE-2012-3499",
    "CVE-2012-4558",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-1921",
    "CVE-2013-2172",
    "CVE-2013-4112"
  );
  script_bugtraq_id(58165, 59826, 60846, 61129, 61179, 62256);
  script_xref(name:"RHSA", value:"2013:1208");

  script_name(english:"RHEL 6 : JBoss EAP (RHSA-2013:1208)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes
multiple security issues, various bugs, and adds enhancements, is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.1.0, and includes bug fixes and enhancements.
Refer to the 6.1.1 Release Notes for information on the most
significant of these changes, available shortly from
https://access.redhat.com/site/documentation/

Security fixes :

Cross-site scripting (XSS) flaws were found in the mod_info,
mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they
were able to make the victim's browser generate an HTTP request with a
specially crafted Host header. (CVE-2012-3499)

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a
user, who was logged into the manager web interface, into visiting a
specially crafted URL, it would lead to arbitrary web script execution
in the context of the user's manager interface session.
(CVE-2012-4558)

A flaw was found in the way the mod_dav module handled merge requests.
An attacker could use this flaw to send a crafted merge request that
contains URIs that are not configured for DAV, causing the httpd child
process to crash. (CVE-2013-1896)

A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof
an XML signature via a specially crafted XML signature block.
(CVE-2013-2172)

It was found that mod_rewrite did not filter terminal escape sequences
from its log file. If mod_rewrite was configured with the RewriteLog
directive, a remote attacker could use specially crafted HTTP requests
to inject terminal escape sequences into the mod_rewrite log file. If
a victim viewed the log file with a terminal emulator, it could result
in arbitrary command execution with the privileges of that user.
(CVE-2013-1862)

The data file used by PicketBox Vault to store encrypted passwords
contains a copy of its own admin key. The file is encrypted using only
this admin key, not the corresponding JKS key. A local attacker with
permission to read the vault data file could read the admin key from
the file, and use it to decrypt the file and read the stored passwords
in clear text. (CVE-2013-1921)

A flaw was found in JGroup's DiagnosticsHandler that allowed an
attacker on an adjacent network to reuse the credentials from a
previous successful authentication. This could be exploited to read
diagnostic information (information disclosure) and attain limited
remote code execution. (CVE-2013-4112)

Warning: Before applying this update, back up your existing Red Hat
JBoss Enterprise Application Platform installation and deployed
applications. Refer to the Solution section for further details.

All users of Red Hat JBoss Enterprise Application Platform 6.1.0 on
Red Hat Enterprise Linux 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2012-3499.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2012-4558.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1862.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1896.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1921.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-2172.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-4112.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/site/documentation/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2013-1208.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-cxf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-cxf-xjc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cxf-xjc-boolean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cxf-xjc-dv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cxf-xjc-ts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jaxbintros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-aesh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-security");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-version");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-web");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-hal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-invocation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-jsp-api_2.2_spec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-marshalling");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remote-naming");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-stdio");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-domain");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-cxf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-spi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jcip-annotations-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jgroups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:log4j-jboss-logmanager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netty");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:opensaml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketlink-federation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wss4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xml-security");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (!rpm_exists(rpm:"jboss-as-server", release:"RHEL6"))  exit(0, "Red Hat JBoss EAP is not installed.");

flag = 0;
if (rpm_check(release:"RHEL6", reference:"apache-commons-beanutils-1.8.3-12.redhat_3.2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"apache-cxf-2.6.8-8.redhat_7.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"apache-cxf-xjc-utils-2.6.0-2.redhat_4.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"cxf-xjc-boolean-2.6.0-2.redhat_4.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"cxf-xjc-dv-2.6.0-2.redhat_4.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"cxf-xjc-ts-2.6.0-2.redhat_4.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"hibernate4-4.2.0-7.SP1_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"hibernate4-core-4.2.0-7.SP1_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"hibernate4-entitymanager-4.2.0-7.SP1_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"hibernate4-envers-4.2.0-7.SP1_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"hibernate4-infinispan-4.2.0-7.SP1_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"hornetq-2.3.5-2.Final_redhat_2.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-devel-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-devel-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-tools-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-tools-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"infinispan-5.2.7-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"infinispan-cachestore-jdbc-5.2.7-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"infinispan-cachestore-remote-5.2.7-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"infinispan-client-hotrod-5.2.7-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"infinispan-core-5.2.7-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-common-api-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-common-impl-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-common-spi-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-core-api-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-core-impl-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-deployers-common-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-jdbc-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-spec-api-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"ironjacamar-validator-1.0.19-1.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jaxbintros-1.0.2-16.GA_redhat_6.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-aesh-0.33.7-2.redhat_2.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-cli-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-client-all-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-clustering-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-cmp-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-connector-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-console-1.5.6-2.Final_redhat_2.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-controller-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-controller-client-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-deployment-repository-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-deployment-scanner-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-domain-http-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-domain-management-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-ee-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-ee-deployment-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-ejb3-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-embedded-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-host-controller-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jacorb-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jaxr-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jaxrs-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jdr-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jpa-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jsf-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-jsr77-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-logging-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-mail-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-management-client-content-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-messaging-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-modcluster-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-naming-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-network-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-service-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-platform-mbean-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-pojo-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-process-controller-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-protocol-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-remoting-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-sar-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-security-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-system-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-threads-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-transactions-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-version-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-web-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-webservices-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-weld-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-as-xts-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-ejb-client-1.0.23-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-hal-1.5.7-1.Final_redhat_1.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-invocation-1.1.2-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-jsp-api_2.2_spec-1.0.1-6.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-logmanager-1.4.3-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-marshalling-1.3.18-1.GA_redhat_1.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-modules-1.2.2-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-remote-naming-1.0.7-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-security-negotiation-2.2.5-2.Final_redhat_2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jboss-stdio-1.0.2-1.GA_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-bundles-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-core-7.2.1-6.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-domain-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-javadocs-7.2.1-2.Final_redhat_10.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-modules-eap-7.2.1-9.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-product-eap-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-standalone-7.2.1-6.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossas-welcome-content-eap-7.2.1-5.Final_redhat_10.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossts-4.17.7-4.Final_redhat_4.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossweb-7.2.2-1.Final_redhat_1.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossws-common-2.1.3-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossws-cxf-4.1.4-7.Final_redhat_7.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jbossws-spi-2.1.3-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jcip-annotations-eap6-1.0-4.redhat_4.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"jgroups-3.2.10-1.Final_redhat_2.2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"log4j-jboss-logmanager-1.0.2-1.Final_redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_ssl-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_ssl-2.2.22-25.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"netty-3.6.6-2.Final_redhat_1.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"opensaml-2.5.1-2.redhat_2.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"openws-1.4.2-10.redhat_4.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"picketbox-4.0.17-3.SP2_redhat_2.1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"picketlink-federation-2.1.6.3-2.Final_redhat_2.2.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"wss4j-1.6.10-1.redhat_1.ep6.el6")) flag++;
if (rpm_check(release:"RHEL6", reference:"xml-security-1.5.5-1.redhat_1.ep6.el6")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories
  • rhsa
    idRHSA-2013:1207
  • rhsa
    idRHSA-2013:1208
  • rhsa
    idRHSA-2013:1209
  • rhsa
    idRHSA-2013:1437
  • rhsa
    idRHSA-2013:1771
  • rhsa
    idRHSA-2014:0029
rpms
  • apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-2.redhat_2.ep6.el5
  • apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el5
  • apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el5
  • cxf-xjc-boolean-0:2.6.0-2.redhat_4.1.ep6.el5
  • cxf-xjc-dv-0:2.6.0-2.redhat_4.1.ep6.el5
  • cxf-xjc-ts-0:2.6.0-2.redhat_4.1.ep6.el5
  • hibernate4-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-core-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-entitymanager-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-envers-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-infinispan-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el5
  • hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5
  • hornetq-native-debuginfo-0:2.3.5-1.Final_redhat_1.ep6.el5
  • httpd-0:2.2.22-25.ep6.el5
  • httpd-debuginfo-0:2.2.22-25.ep6.el5
  • httpd-devel-0:2.2.22-25.ep6.el5
  • httpd-manual-0:2.2.22-25.ep6.el5
  • httpd-tools-0:2.2.22-25.ep6.el5
  • infinispan-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-cachestore-jdbc-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-cachestore-remote-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-client-hotrod-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-core-0:5.2.7-1.Final_redhat_1.ep6.el5
  • ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-common-api-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-common-impl-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-common-spi-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-core-api-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-core-impl-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-deployers-common-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-jdbc-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-spec-api-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-validator-0:1.0.19-1.Final_redhat_2.ep6.el5
  • jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el5
  • jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el5
  • jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el5
  • jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el5
  • jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el5
  • jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el5
  • jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el5
  • jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el5
  • jboss-marshalling-0:1.3.18-2.GA_redhat_1.1.ep6.el5
  • jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el5
  • jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el5
  • jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el5
  • jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el5
  • jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el5
  • jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5
  • jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el5
  • jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el5
  • jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossts-1:4.17.7-4.Final_redhat_4.ep6.el5
  • jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el5
  • jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el5
  • jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el5
  • jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el5
  • jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el5
  • jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el5
  • log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el5
  • mod_ssl-1:2.2.22-25.ep6.el5
  • netty-0:3.6.6-3.Final_redhat_1.1.ep6.el5
  • opensaml-0:2.5.1-2.redhat_2.1.ep6.el5
  • openws-0:1.4.2-10.redhat_4.1.ep6.el5
  • picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el5
  • picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el5
  • wss4j-0:1.6.10-1.redhat_1.ep6.el5
  • xml-security-0:1.5.5-1.redhat_1.ep6.el5
  • apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-2.redhat_2.ep6.el6
  • apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el6
  • apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el6
  • cxf-xjc-boolean-0:2.6.0-2.redhat_4.1.ep6.el6
  • cxf-xjc-dv-0:2.6.0-2.redhat_4.1.ep6.el6
  • cxf-xjc-ts-0:2.6.0-2.redhat_4.1.ep6.el6
  • hibernate4-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-core-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-entitymanager-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-envers-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-infinispan-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el6
  • hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6
  • hornetq-native-debuginfo-0:2.3.5-1.Final_redhat_1.ep6.el6
  • httpd-0:2.2.22-25.ep6.el6
  • httpd-debuginfo-0:2.2.22-25.ep6.el6
  • httpd-devel-0:2.2.22-25.ep6.el6
  • httpd-manual-0:2.2.22-25.ep6.el6
  • httpd-tools-0:2.2.22-25.ep6.el6
  • infinispan-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-cachestore-jdbc-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-cachestore-remote-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-client-hotrod-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-core-0:5.2.7-1.Final_redhat_1.ep6.el6
  • ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-common-api-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-common-impl-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-common-spi-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-core-api-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-core-impl-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-deployers-common-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-jdbc-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-spec-api-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-validator-0:1.0.19-1.Final_redhat_2.ep6.el6
  • jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el6
  • jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el6
  • jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el6
  • jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el6
  • jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el6
  • jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el6
  • jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el6
  • jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el6
  • jboss-marshalling-0:1.3.18-1.GA_redhat_1.1.ep6.el6
  • jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el6
  • jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el6
  • jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el6
  • jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el6
  • jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el6
  • jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6
  • jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el6
  • jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el6
  • jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossts-1:4.17.7-4.Final_redhat_4.ep6.el6
  • jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el6
  • jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el6
  • jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el6
  • jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el6
  • jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el6
  • jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el6
  • log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el6
  • mod_ssl-1:2.2.22-25.ep6.el6
  • netty-0:3.6.6-2.Final_redhat_1.1.ep6.el6
  • opensaml-0:2.5.1-2.redhat_2.1.ep6.el6
  • openws-0:1.4.2-10.redhat_4.1.ep6.el6
  • picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el6
  • picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el6
  • wss4j-0:1.6.10-1.redhat_1.ep6.el6
  • xml-security-0:1.5.5-1.redhat_1.ep6.el6

References