Reference: CERT-EU Security Advisory 2012-0116

Title: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update [1]

Version history:
24.09.2012 Initial publication

Summary
=======

An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that fixes one security issue is now available from the Red Hat Customer Portal.

CVSS v2: 7.5 (HIGH) AV:N/AC:L/Au:N/C:P/I:P/A:P [2]

Affected Versions
=================

JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05

Original Details
================

It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service (port 1099), HA-JNDI service (port 1100), or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts. (CVE-2011-4605)

What can you do?
================

Patches are available [1]

What to tell your users
=======================

N/A

More information
================

[1] https://rhn.redhat.com/errata/RHSA-2012-1295.html
[2] https://access.redhat.com/security/cve/CVE-2011-4605

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html