Security Advisory Moderate: JBoss Enterprise Application Platform 4.2.0.CP03 security update

Advisory: RHSA-2008:0825-10
Type: Security Advisory
Severity: Moderate
Issued on: 2008-08-05
Last updated on: 2008-08-05
Affected Products: JBoss Enterprise Application Platform 4.2.0 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-1285, CVE-2008-3273

Details

Updated JBoss Enterprise Application Platform (JBoss EAP) packages that
resolve several security issues are now available for Red Hat Enterprise
Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

JBoss EAP is a middleware platform for Java 2 Platform, Enterprise Edition
(J2EE) applications. JBoss Seam is a framework for building Java Internet
applications by integrating the use of Asynchronous JavaScript and XML
(AJAX), JavaServer Faces (JSF), Java Persistence (JPA), Enterprise Java
Beans (EJB 3.0) and Business Process Management (BPM) technologies.

This release of JBoss EAP for Red Hat Enterprise Linux 4 contains the JBoss
Application Server and JBoss Seam. This release serves as a replacement for
JBoss EAP 4.2.0.GA, and fixes the following security issues:

The JavaServer Faces (JSF) component contained multiple cross-site
scripting (XSS) flaws. An attacker could use these flaws to
inject arbitrary web script or HTML. (CVE-2008-1285)

Unauthenticated users were able to access the status servlet, which could
allow remote attackers to acquire details about deployed web contexts.
(CVE-2008-3273)

These updated packages include bug fixes and enhancements in addition to
the security fixes listed here. For the full list, refer to the JBoss EAP
4.2.0.CP03 release notes, linked to in the "References" section of this
advisory.

Warning: before applying this update, please back up the JBoss EAP
"server/<configuration>/deploy/" directory, as well as any customized
configuration files.

Please note: some of the packages contained in this errata were available
via the Red Hat Network prior to the release of this advisory.

Users of JBoss Enterprise Application Platform (JBoss EAP) should upgrade
to these updated packages, which contain backported patches to correct
these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

JBoss Enterprise Application Platform 4.2.0 EL4

SRPMS:
asm-1.5.3-1jpp.ep1.2.el4.src.rpm     28f104a01c11545338b7fe3cb4684957
cglib-2.1.3-2jpp.ep1.6.el4.src.rpm     c8adf33ec0a5074042f4bf178c9efc70
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.src.rpm
File outdated by:  RHSA-2008:0833
    ed7eb8449ea007b1f89117cf9fdcfb0d
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.src.rpm
File outdated by:  RHSA-2008:0833
    a1a7be4df87bb2913867703cb6dc64d7
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0346
    1f05354ea4119a3bba5bf69a43233973
hibernate3-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144
    19a03e696b8f29503b7da8fa66435215
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1144
    5a3e76f2ab56f9782fb4ea9aa0434218
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:1144
    165cdef245c6f2ef403edbfcedeb2dc7
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144
    2e53701f5fd865f11474ac079bc5f0d8
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1144
    36c95e89a73236abe09e1446ed604689
jboss-seam-1.2.1-1.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:1144
    70136206250a93d5c8271c5602ea6c3d
jbossas-4.2.0-3.GA_CP03.ep1.9.el4.src.rpm
File outdated by:  RHSA-2009:1144
    5d45b9218afdadb336cd4461f5a7bf4c
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144
    b59572f7bb6736d2d0a70ddeabd0cfb4
jbossws-jboss42-1.2.1-0jpp.ep1.4.el4.src.rpm     8fa66f1c2d0602e52cc27acca2eef428
jcommon-1.0.12-1jpp.ep1.3.el4.src.rpm     7fa7dcae168dae61acf792730edef0fb
jfreechart-1.0.9-1jpp.ep1.3.el4.src.rpm     6c2ea26a3e7075772f36e9c532b7a5f5
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144
    3ccad2cb300b45866faf3275d14b0858
rh-eap-docs-4.2.0-3.GA_CP03.ep1.5.el4.src.rpm
File outdated by:  RHSA-2009:1144
    92ac6d97ca9e3a0f77f5319e5da82c93
 
IA-32:
asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm     6e5b7208667ca1b0cdc6bdb2f5ec600e
cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm     0a4bde4583bf3da3a5f1af1c63bb003c
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2008:0833
    1b7280c9860cac0e3999aa333e383881
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2008:0833
    5b0d3b3a1b12da9118ff4849071f8ed1
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0346
    516fcadb954985ba221262fbab9ef82b
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    22857438e7a5399d9ed498838e8f6b6d
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch
File outdated by:  RHSA-2009:1144
    2be33f384fd8705c40ea0e0b2749c072
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    6aebb6c0a0c0678aec271fdbdda52b9e
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    a403e447c043c1886b880e69aa874a45
hibernate3-javadoc-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    b67dba0c61288717b3b857945248a798
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    4689f9c0d1786653ae171d98dad98d4f
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    53d8911db611cefb5fe1503a488676ed
jboss-seam-1.2.1-1.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    ccb5e09172d0df5a76afcc76b49a5b40
jboss-seam-docs-1.2.1-1.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    89fed6dd423b96b730cae57f62810de9
jbossas-4.2.0-3.GA_CP03.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    64bc2e88afdd4d44b72b70713f42a8f3
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    50e29240c8fc310b99e64b4603814da8
jbossws-jboss42-1.2.1-0jpp.ep1.4.el4.noarch.rpm     6c6e5a73bd3adc16dad8ba2ef2fd0b9c
jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm     e35848462ab76efd91a5a7bdfa404a93
jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm     065225c5025f3241f867ad9d19da9390
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    10b02d5b80e760ceca4812ccb64b832c
rh-eap-docs-4.2.0-3.GA_CP03.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    2801429ae9c6e0d5e9816cda1870538e
rh-eap-docs-examples-4.2.0-3.GA_CP03.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    5641cc5e848ca468d0d37f5163b85ede
 
x86_64:
asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm     6e5b7208667ca1b0cdc6bdb2f5ec600e
cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm     0a4bde4583bf3da3a5f1af1c63bb003c
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2008:0833
    1b7280c9860cac0e3999aa333e383881
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2008:0833
    5b0d3b3a1b12da9118ff4849071f8ed1
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0346
    516fcadb954985ba221262fbab9ef82b
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    22857438e7a5399d9ed498838e8f6b6d
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch
File outdated by:  RHSA-2009:1144
    2be33f384fd8705c40ea0e0b2749c072
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    6aebb6c0a0c0678aec271fdbdda52b9e
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    a403e447c043c1886b880e69aa874a45
hibernate3-javadoc-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    b67dba0c61288717b3b857945248a798
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    4689f9c0d1786653ae171d98dad98d4f
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    53d8911db611cefb5fe1503a488676ed
jboss-seam-1.2.1-1.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    ccb5e09172d0df5a76afcc76b49a5b40
jboss-seam-docs-1.2.1-1.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    89fed6dd423b96b730cae57f62810de9
jbossas-4.2.0-3.GA_CP03.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    64bc2e88afdd4d44b72b70713f42a8f3
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    50e29240c8fc310b99e64b4603814da8
jbossws-jboss42-1.2.1-0jpp.ep1.4.el4.noarch.rpm     6c6e5a73bd3adc16dad8ba2ef2fd0b9c
jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm     e35848462ab76efd91a5a7bdfa404a93
jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm     065225c5025f3241f867ad9d19da9390
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    10b02d5b80e760ceca4812ccb64b832c
rh-eap-docs-4.2.0-3.GA_CP03.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    2801429ae9c6e0d5e9816cda1870538e
rh-eap-docs-examples-4.2.0-3.GA_CP03.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:1144
    5641cc5e848ca468d0d37f5163b85ede
 
(The unlinked packages above are only available from the Red Hat Network)
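
Added example, not part of the Red Hat advisory: shell functions that parse the package list above, in both its one-line and three-line layouts, and compare the listed MD5 sums with downloaded files. The function names and the use of `md5sum` are assumptions of this example; an MD5 match only rules out a corrupted download, and package authenticity rests on the GPG signature described at the end of this advisory.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against an advisory-style package list.

# Read the "Updated packages" text on stdin, print "md5  filename" lines.
# Handles both layouts in the list: "name.rpm   md5" on one line, and
# name / "File outdated by: ..." / md5 over three lines. Repeated entries
# collapse to one; names that do not end in .rpm (truncated) are skipped.
parse_advisory_list() {
    awk '
        function is_md5(s) { return length(s) == 32 && s ~ /^[0-9a-f]+$/ }
        /^File outdated by:/        { next }
        $1 ~ /\.rpm$/ && is_md5($2) { sums[$1] = $2; name = ""; next }
        $1 ~ /\.rpm$/               { name = $1; next }
        is_md5($1) && name != ""    { sums[name] = $1 }
                                    { name = "" }
        END { for (f in sums) print sums[f] "  " f }
    '
}

# usage: verify_rpms <download-dir> < advisory.txt
# Returns 0 if every listed file present in the directory matches,
# 1 on any mismatch, 2 if the list is empty or no listed file was found.
verify_rpms() {
    dir=$1
    list=$(parse_advisory_list) || return 2
    [ -n "$list" ] || return 2
    status=0
    checked=0
    while read -r sum file; do
        [ -f "$dir/$file" ] || continue        # not downloaded: skip
        checked=$((checked + 1))
        actual=$(md5sum "$dir/$file" | cut -d' ' -f1)
        if [ "$actual" != "$sum" ]; then
            echo "MISMATCH $file" >&2
            status=1
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] || return 2
    return $status
}
```

After the checksums match, `rpm --checksig` on the same files performs the signature check.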

Bugs fixed (see bugzilla for more information)

437082 - CVE-2008-1285 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces
457757 - CVE-2008-3273 JBossEAP status servlet info leak


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/