漏洞类别:RedHat
漏洞等级: 
漏洞信息
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API. (CVE-2017-12629)
Affected Products:
JBoss Enterprise Application Platform 7.0 for RHEL 7 x86_64
JBoss Enterprise Application Platform 7.0 for RHEL 6 x86_64
JBoss Enterprise Application Platform 7.0 for RHEL 6 i386
漏洞危害
An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2017:3123 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论