Reference: CERT-EU Security Advisory 2014-026

Title: JBoss Enterprise Application Platform update [1]

Version history:
06.03.2014 Initial publication

Summary
=======
An update for Red Hat JBoss Enterprise Application Platform 6.2.1 is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

CVE numbers: CVE-2014-0050
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Versions
=================
JBoss Enterprise Application Platform 6.2.1

Original Details
================
A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in the JBoss Web component of JBoss EAP, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

What can you do?
================
This update is available via the Red Hat Network. [1]

What to tell your users
=======================
N/A

More information
================
[1] https://rhn.redhat.com/errata/RHSA-2014-0252.html

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html