Vulnerabilities > CVE-2018-1041 - Infinite Loop vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
jboss
redhat
CWE-835
nessus
exploit available

Summary

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

Exploit-Db

descriptionJBoss Remoting 6.14.18 - Denial of Service. CVE-2018-1041. Dos exploit for Multiple platform. Tags: Denial of Service (DoS)
fileexploits/multiple/dos/44099.txt
idEDB-ID:44099
last seen2018-02-16
modified2018-02-16
platformmultiple
port
published2018-02-16
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44099/
titleJBoss Remoting 6.14.18 - Denial of Service
typedos

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0275.NASL
    descriptionAn update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Security Fix(es) : * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. (CVE-2018-1041) The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).
    last seen2020-06-01
    modified2020-06-02
    plugin id106616
    published2018-02-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106616
    titleRHEL 6 : jboss-ec2-eap (RHSA-2018:0275)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:0275. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106616);
      script_version("3.11");
      script_cvs_date("Date: 2019/10/24 15:35:44");
    
      script_cve_id("CVE-2017-12174", "CVE-2017-12617", "CVE-2018-1041");
      script_xref(name:"RHSA", value:"2018:0275");
    
      script_name(english:"RHEL 6 : jboss-ec2-eap (RHSA-2018:0275)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for jboss-ec2-eap is now available for Red Hat JBoss
    Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The jboss-ec2-eap packages provide scripts for Red Hat JBoss
    Enterprise Application Platform running on the Amazon Web Services
    (AWS) Elastic Compute Cloud (EC2).
    
    With this update, the jboss-ec2-eap package has been updated to ensure
    compatibility with Red Hat JBoss Enterprise Application Platform
    6.4.19.
    
    Security Fix(es) :
    
    * It was found that when Artemis and HornetQ are configured with UDP
    discovery and JGroups discovery a huge byte array is created when
    receiving an unexpected multicast message. This may result in a heap
    memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174)
    
    * A vulnerability was discovered in Tomcat where if a servlet context
    was configured with readonly=false and HTTP PUT requests were allowed,
    an attacker could upload a JSP file to that context and achieve code
    execution. (CVE-2017-12617)
    
    * A vulnerability was found in the way RemoteMessageChannel,
    introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads
    from an empty buffer. An attacker could use this flaw to cause denial
    of service via high CPU caused by an infinite loop. (CVE-2018-1041)
    
    The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:0275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-12174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-12617"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1041"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected jboss-ec2-eap and / or jboss-ec2-eap-samples
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat for Windows HTTP PUT Method File Upload");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Tomcat RCE via JSP Upload Bypass');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap-samples");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:0275";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"jboss-ec2-eap-7.5.19-2.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-ec2-eap-samples-7.5.19-2.Final_redhat_2.ep6.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jboss-ec2-eap / jboss-ec2-eap-samples");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0268.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. (CVE-2018-1041) The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).
    last seen2020-06-01
    modified2020-06-02
    plugin id106650
    published2018-02-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106650
    titleRHEL 7 : JBoss EAP (RHSA-2018:0268)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:0268. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106650);
      script_version("3.11");
      script_cvs_date("Date: 2019/10/24 15:35:44");
    
      script_cve_id("CVE-2017-12174", "CVE-2017-12617", "CVE-2018-1041");
      script_xref(name:"RHSA", value:"2018:0268");
    
      script_name(english:"RHEL 7 : JBoss EAP (RHSA-2018:0268)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update is now available for Red Hat JBoss Enterprise Application
    Platform 6.4 for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat JBoss Enterprise Application Platform is a platform for Java
    applications based on the JBoss Application Server.
    
    This release of Red Hat JBoss Enterprise Application Platform 6.4.19
    serves as a replacement for Red Hat JBoss Enterprise Application
    Platform 6.4.18, and includes bug fixes and enhancements, which are
    documented in the Release Notes document linked to in the References.
    
    Security Fix(es) :
    
    * It was found that when Artemis and HornetQ are configured with UDP
    discovery and JGroups discovery a huge byte array is created when
    receiving an unexpected multicast message. This may result in a heap
    memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174)
    
    * A vulnerability was discovered in Tomcat where if a servlet context
    was configured with readonly=false and HTTP PUT requests were allowed,
    an attacker could upload a JSP file to that context and achieve code
    execution. (CVE-2017-12617)
    
    * A vulnerability was found in the way RemoteMessageChannel,
    introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads
    from an empty buffer. An attacker could use this flaw to cause denial
    of service via high CPU caused by an infinite loop. (CVE-2018-1041)
    
    The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:0268"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-12174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-12617"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1041"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat for Windows HTTP PUT Method File Upload");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Tomcat RCE via JSP Upload Bypass');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinispan-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-security");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-version");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remoting3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-domain");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-cxf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketlink-bindings");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketlink-federation");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:0268";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"jbossas-welcome-content-eap"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL7", reference:"hornetq-2.3.25-25.SP23_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"infinispan-5.2.23-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"infinispan-cachestore-jdbc-5.2.23-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"infinispan-cachestore-remote-5.2.23-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"infinispan-client-hotrod-5.2.23-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"infinispan-core-5.2.23-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-common-api-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-common-impl-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-common-spi-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-core-api-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-core-impl-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-deployers-common-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-jdbc-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-spec-api-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-validator-eap6-1.0.41-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-appclient-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-cli-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-client-all-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-clustering-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-cmp-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-configadmin-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-connector-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-controller-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-controller-client-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-core-security-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-deployment-repository-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-deployment-scanner-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-domain-http-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-domain-management-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-ee-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-ee-deployment-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-ejb3-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-embedded-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-host-controller-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jacorb-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jaxr-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jaxrs-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jdr-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jmx-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jpa-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jsf-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jsr77-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-logging-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-mail-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-management-client-content-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-messaging-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-modcluster-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-naming-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-network-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-osgi-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-osgi-configadmin-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-osgi-service-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-picketlink-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-platform-mbean-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-pojo-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-process-controller-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-protocol-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-remoting-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-sar-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-security-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-server-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-system-jmx-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-threads-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-transactions-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-version-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-web-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-webservices-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-weld-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-xts-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-ejb-client-1.0.40-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-remoting3-3.3.12-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-appclient-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-bundles-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-core-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-domain-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-javadocs-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-modules-eap-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-product-eap-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-standalone-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-welcome-content-eap-7.5.19-2.Final_redhat_2.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossweb-7.5.27-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossws-cxf-4.3.7-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"picketlink-bindings-2.5.4-22.SP18_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"picketlink-federation-2.5.4-20.SP18_redhat_1.1.ep6.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "hornetq / infinispan / infinispan-cachestore-jdbc / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0270.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. (CVE-2018-1041) The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).
    last seen2020-06-01
    modified2020-06-02
    plugin id106651
    published2018-02-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106651
    titleRHEL 6 : JBoss EAP (RHSA-2018:0270)
  • NASL familyDenial of Service
    NASL idJBOSS_REMOTING_CVE-2018-1041.NASL
    descriptionA denial of service (DoS) vulnerability exists in JBoss Remoting due to the way RemoteMessageChannel, introduced in version 3.3.10.Final-redhat-1, reads from an empty buffer. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to cause the JBoss Remoting service running in an infinite loop resulting in high CPU usage.
    last seen2020-06-01
    modified2020-06-02
    plugin id121515
    published2019-01-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121515
    titleJBoss Remoting RemoteMessageChannel DoS (intrusive check)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/146423/jbossremoting61418-dos.txt
idPACKETSTORM:146423
last seen2018-02-17
published2018-02-16
reporterFrank Spierings
sourcehttps://packetstormsecurity.com/files/146423/JBoss-Remoting-6.14.18-Denial-Of-Service.html
titleJBoss Remoting 6.14.18 Denial Of Service

Redhat

advisories
  • rhsa
    idRHSA-2018:0268
  • rhsa
    idRHSA-2018:0269
  • rhsa
    idRHSA-2018:0270
  • rhsa
    idRHSA-2018:0271
  • rhsa
    idRHSA-2018:0275
rpms
  • hornetq-0:2.3.25-25.SP23_redhat_1.1.ep6.el7
  • infinispan-0:5.2.23-1.Final_redhat_1.1.ep6.el7
  • infinispan-cachestore-jdbc-0:5.2.23-1.Final_redhat_1.1.ep6.el7
  • infinispan-cachestore-remote-0:5.2.23-1.Final_redhat_1.1.ep6.el7
  • infinispan-client-hotrod-0:5.2.23-1.Final_redhat_1.1.ep6.el7
  • infinispan-core-0:5.2.23-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-common-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-common-impl-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-common-spi-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-core-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-core-impl-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-deployers-common-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-jdbc-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-spec-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-validator-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7
  • jboss-as-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-cli-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-client-all-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-clustering-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-cmp-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-connector-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-controller-client-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-core-security-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-deployment-repository-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-deployment-scanner-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-domain-http-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-domain-management-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-ee-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-ee-deployment-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-ejb3-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-embedded-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-host-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jacorb-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jaxr-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jaxrs-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jdr-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jpa-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jsf-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-jsr77-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-logging-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-mail-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-management-client-content-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-messaging-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-modcluster-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-naming-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-network-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-osgi-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-osgi-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-osgi-service-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-picketlink-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-platform-mbean-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-pojo-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-process-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-protocol-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-remoting-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-sar-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-security-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-server-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-system-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-threads-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-transactions-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-version-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-web-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-webservices-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-weld-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-as-xts-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jboss-ejb-client-0:1.0.40-1.Final_redhat_1.1.ep6.el7
  • jboss-remoting3-0:3.3.12-2.Final_redhat_2.1.ep6.el7
  • jbossas-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-bundles-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-core-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-domain-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-javadocs-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-modules-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-product-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-standalone-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossas-welcome-content-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el7
  • jbossweb-0:7.5.27-1.Final_redhat_1.1.ep6.el7
  • jbossws-cxf-0:4.3.7-1.Final_redhat_1.1.ep6.el7
  • picketlink-bindings-0:2.5.4-22.SP18_redhat_1.1.ep6.el7
  • picketlink-federation-0:2.5.4-20.SP18_redhat_1.1.ep6.el7
  • hornetq-0:2.3.25-25.SP23_redhat_1.1.ep6.el6
  • infinispan-0:5.2.23-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-jdbc-0:5.2.23-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-remote-0:5.2.23-1.Final_redhat_1.1.ep6.el6
  • infinispan-client-hotrod-0:5.2.23-1.Final_redhat_1.1.ep6.el6
  • infinispan-core-0:5.2.23-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-impl-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-spi-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-impl-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-deployers-common-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-jdbc-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-spec-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-validator-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6
  • jboss-as-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-cli-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-client-all-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-clustering-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-cmp-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-connector-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-controller-client-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-core-security-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-deployment-repository-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-deployment-scanner-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-domain-http-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-domain-management-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-ee-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-ee-deployment-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-ejb3-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-embedded-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-host-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jacorb-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jaxr-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jaxrs-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jdr-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jpa-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jsf-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-jsr77-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-logging-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-mail-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-management-client-content-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-messaging-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-modcluster-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-naming-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-network-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-osgi-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-osgi-service-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-picketlink-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-platform-mbean-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-pojo-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-process-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-protocol-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-remoting-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-sar-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-security-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-server-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-system-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-threads-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-transactions-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-version-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-web-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-webservices-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-weld-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-as-xts-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jboss-ejb-client-0:1.0.40-1.Final_redhat_1.1.ep6.el6
  • jboss-remoting3-0:3.3.12-2.Final_redhat_2.1.ep6.el6
  • jbossas-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-bundles-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-core-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-domain-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-javadocs-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-modules-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-product-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-standalone-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el6
  • jbossweb-0:7.5.27-1.Final_redhat_1.1.ep6.el6
  • jbossws-cxf-0:4.3.7-1.Final_redhat_1.1.ep6.el6
  • picketlink-bindings-0:2.5.4-22.SP18_redhat_1.1.ep6.el6
  • picketlink-federation-0:2.5.4-20.SP18_redhat_1.1.ep6.el6
  • hornetq-0:2.3.25-25.SP23_redhat_1.1.ep6.el5
  • infinispan-0:5.2.23-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-jdbc-0:5.2.23-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-remote-0:5.2.23-1.Final_redhat_1.1.ep6.el5
  • infinispan-client-hotrod-0:5.2.23-1.Final_redhat_1.1.ep6.el5
  • infinispan-core-0:5.2.23-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-impl-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-spi-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-impl-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-deployers-common-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-jdbc-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-spec-api-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-validator-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5
  • jboss-as-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-cli-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-client-all-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-clustering-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-cmp-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-connector-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-controller-client-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-core-security-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-deployment-repository-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-domain-http-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-domain-management-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-ee-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-ee-deployment-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-ejb3-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-embedded-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-host-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jacorb-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jaxr-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jaxrs-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jdr-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jpa-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jsf-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-jsr77-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-logging-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-mail-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-management-client-content-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-messaging-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-modcluster-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-naming-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-network-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-osgi-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-osgi-service-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-picketlink-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-platform-mbean-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-pojo-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-process-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-protocol-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-remoting-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-sar-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-security-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-server-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-system-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-threads-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-transactions-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-version-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-web-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-webservices-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-weld-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-as-xts-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jboss-ejb-client-0:1.0.40-1.Final_redhat_1.1.ep6.el5
  • jboss-remoting3-0:3.3.12-2.Final_redhat_2.1.ep6.el5
  • jbossas-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-bundles-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-core-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-domain-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-javadocs-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-modules-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-product-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-standalone-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el5
  • jbossweb-0:7.5.27-1.Final_redhat_1.1.ep6.el5
  • jbossws-cxf-0:4.3.7-1.Final_redhat_1.1.ep6.el5
  • picketlink-bindings-0:2.5.4-22.SP18_redhat_1.1.ep6.el5
  • picketlink-federation-0:2.5.4-20.SP18_redhat_1.1.ep6.el5
  • jboss-ec2-eap-0:7.5.19-2.Final_redhat_2.ep6.el6
  • jboss-ec2-eap-samples-0:7.5.19-2.Final_redhat_2.ep6.el6