Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat JBoss Fuse 6.3 RHSA-2018-2840 Low Threat: HTTPOnly Cookies Issue

red hat
Calendar Grey October 1, 2018
Dist Redhat Esm H88
Red Hat releases a minor security notice for JBoss Fuse/A-MQ 6.3 R9. Discover the modifications and patches provided.
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Installation instructions are located in the download section of the customer portal.

The References section of this erratum contains a download link (you must log in to download the update).

Summary

Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform.
This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the References section below.
Security fix(es):
* A-MQ Console: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Naftali Rosenbaum (Comsec Consulting) for reporting CVE-2015-5183.

Topics%20covered

Topics Covered

security advisory security issue low threat red hat jboss fuse httponly cookies

References

https://access.redhat.com/security/cve/CVE-2015-5183 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3 https://access.redhat.com/documentation/en-us/red_hat_fuse/6.3/

Package List


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2018:2840-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2840
Issue date: 2018-10-01

Topic

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBossA-MQ 6.3.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue low threat red hat jboss fuse httponly cookies

Relevant Releases Architectures

Bugs Fixed

1249182 - CVE-2015-5183 A-MQ Console: HTTPOnly and Secure attributes not set on cookies

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here