Red Hat Security Advisory 2017-0248-01

Discussion in 'News Aggregator' started by Packet Storm, 4 Feb 2017.

  1. Packet Storm

    Packet Storm Guest

    Red Hat Security Advisory 2017-0248-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.1 serves as a replacement for Red Hat JBoss BRMS 6.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

    Continue reading...
     
    #1 Packet Storm, 4 Feb 2017
(You must log in or sign up to post here.)

Share This Page

Loading...