RHEL 6: JBoss EAP (RHSA-2012:1592)

Critical Nessus Plugin ID 64072

Synopsis

The remote Red Hat host is missing one or more security updates.

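Description

Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues and various bugs, and add several enhancements, are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and several enhancements. For information on the most significant of these changes, refer to the 6.0.1 Release Notes, which will be available shortly from https://access.redhat.com/knowledge/docs/

This update removes unused signed JARs; removes unused SHA1 checksums from JAR MANIFEST.MF files to reduce the server memory footprint; adds MANIFEST.MF to JAR files that were previously missing it; and removes redundant Javadoc files from the main packages. (BZ#830291)

Security fixes:

Apache CXF checked that XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. (CVE-2012-2379)

When EJB access is configured with role-based authorization, JACC permissions should be used to determine access; however, due to a flaw, the configured authorization modules (JACC, XACML, etc.) were not called, and the JACC permissions were not used to determine access to an EJB. (CVE-2012-4550)

A flaw in the way Apache CXF enforced child policies of WS-SecurityPolicy 1.1 on the client side could, in certain cases, cause a client to fail to sign or encrypt certain elements as directed by the security policy, leading to information disclosure and insecure information transmission. (CVE-2012-2378)

A flaw was found in the way IronJacamar authenticated credentials and returned a valid datasource connection when configured to "allow-multiple-users". A remote attacker, provided the correct subject, could obtain a datasource connection that might belong to a privileged user. (CVE-2012-3428)

It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks under certain conditions. Note that WS-Policy validation is performed against the operation being invoked, and an attack must pass validation to be successful. (CVE-2012-3451)

When there are no allowed roles for an EJB method invocation, the invocation should be denied for all users. It was found that the processInvocation() method in org.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorized all method invocations to proceed when the list of allowed roles was empty. (CVE-2012-4549)

It was found that in Mojarra, the FacesContext that is made available during application startup is held in a ThreadLocal. The reference was not properly cleaned up in all cases. As a result, if a JavaServer Faces (JSF) WAR calls FacesContext.getCurrentInstance() during application startup, another WAR can access the leftover context and thereby gain access to the other WAR's resources. A local attacker could use this flaw to access another WAR's resources using a specially crafted, deployed application. (CVE-2012-2672)

An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews option enabled could use this flaw to conduct cross-site scripting attacks against users visiting the site. (CVE-2008-0455, CVE-2012-2687)

Red Hat would like to thank the Apache CXF project for reporting CVE-2012-2379, CVE-2012-2378, and CVE-2012-3451. The CVE-2012-4550 issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team; CVE-2012-3428 and CVE-2012-4549 were discovered by Arun Neelicattu of the Red Hat Security Response Team; and CVE-2012-2672 was discovered by Marek Schmidt and Stan Silvert of Red Hat.

Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation and deployed applications. Refer to the Solution section for further details.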

Solution

Update the affected packages.

See Also

https://www.redhat.com/security/data/cve/CVE-2008-0455.html

https://www.redhat.com/security/data/cve/CVE-2012-2378.html

https://www.redhat.com/security/data/cve/CVE-2012-2379.html

https://www.redhat.com/security/data/cve/CVE-2012-2672.html

https://www.redhat.com/security/data/cve/CVE-2012-2687.html

https://www.redhat.com/security/data/cve/CVE-2012-3428.html

https://www.redhat.com/security/data/cve/CVE-2012-3451.html

https://www.redhat.com/security/data/cve/CVE-2012-4549.html

https://www.redhat.com/security/data/cve/CVE-2012-4550.html

https://access.redhat.com/knowledge/docs/

http://rhn.redhat.com/errata/RHSA-2012-1592.html

Plugin Details

Severity: Critical

ID: 64072

File Name: redhat-RHSA-2012-1592.nasl

Version: 1.20

Type: local

Agent: unix

Published: 2013/1/24

Updated: 2021/1/14

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/12/18

Reference Information

CVE: CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550

BID: 27409, 53877, 53880, 53901, 55131, 55628, 56981, 56990, 56992

CWE: 79

RHSA: 2012:1592