BSA-2017-314
21377
10 September 2018
23 June 2017
Closed
Low
3.5
Yes
CVE-2016-0793
Summary
Security Advisory ID : BSA-2017-314
Component : WildFly
Revision : 5.0: Final
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote unauthenticated attackers to read sensitive files.
Statement
Only WildFly application servers running on Windows operating systems are affected; no versions of Red Hat JBoss EAP or layered products are affected.
Affected Products
Brocade Network Advisor versions released prior to and including 14.0.2.
Notes:
A security update was delivered in BNA 14.0.3 and 14.1.1 to correct two issues with the filter restriction mechanism:
1. Accepting unauthenticated requests.
2. Accepting malformed requests that disclose data on the server or allow remote code execution.
A further security update was made in BNA 14.4.3 to address security scanners' reporting of this issue.
Products Confirmed Not Vulnerable
Brocade Fabric OS
Brocade Network Advisor for Linux OS
Workaround
- Brocade recommends restricting access to the Brocade Network Advisor server to the trusted network only.
- Install Brocade Network Advisor versions for Linux OS.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | June 23, 2017 |
2.0 | Updated to address NOS | September 8, 2017 |
3.0 | Updated the Risk Assessment | September 18, 2017 |
4.0 | Updated to reword Affected Products and Workaround | October 13, 2017 |
5.0 | Updated with BNA version and to reflect Fibre Channel Products Only. | September 10, 2018 |