BSA-2017-314

Brocade Fabric OS

21377

10 September 2018

23 June 2017

Closed

Low

3.5

Yes

CVE-2016-0793

Summary

Security Advisory ID : BSA-2017-314

Component : WildFly

Revision : 5.0: Final

Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote unauthenticated attackers to read sensitive files.

Statement
Only WildFly application servers running on Windows operating systems are affected; no versions of Red Hat JBoss EAP or layered products are affected.

Affected Products
Brocade Network Advisor versions released prior to and including 14.0.2.

Notes:
A security update was delivered in BNA 14.0.3 and 14.1.1 to correct two issues with the filter restriction mechanism:
1. Accepting unauthenticated requests.
2. Accepting malformed requests that could disclose data on the server or allow remote code execution.

A further security update was made in BNA 14.4.3 to address security scanners' reporting of this issue.

Products Confirmed Not Vulnerable
Brocade Fabric OS
Brocade Network Advisor for Linux OS

Workaround

  • Brocade recommends restricting access to the Brocade Network Advisor server to the trusted network only.
  • Install Brocade Network Advisor versions for Linux OS.

Revision History

Version   Change                                                                   Date
1.0       Initial Publication                                                      June 23, 2017
2.0       Updated to address NOS                                                   September 8, 2017
3.0       Updated the Risk Assessment                                              September 18, 2017
4.0       Updated to reword Affected Products and Workaround                       October 13, 2017
5.0       Updated with BNA version and to reflect Fibre Channel Products Only.     September 10, 2018