RHSA-2014:0389: jasperreports-server-pro security update
An updated jasperreports-server-pro package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. XStream is a simple library used by the Red Hat Enterprise Virtualization reports package to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285) All jasperreports-server-pro users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
In some places, Jenkins XML API uses XStream to deserialize arbitrary content, which is affected by reported against XStream. This allows malicious users of Jenkins with a limited set of permissions to execute arbitrary code inside Jenkins master.
Overview This repository contains the junit tests to demonstrate how XStream v149 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in v
Overview This repository contains the junit tests to demonstrate how XStream v149 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in v
Overview This repository contains the junit tests to demonstrate how XStream v1411 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in
Overview This repository contains the junit tests to demonstrate how XStream v1411 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in
Maven Security Versions Identify vulnerable libraries in Maven dependencies The plugin is based on versions-maven-plugin It use the victims database has source for CVEs and Maven artifact mapping Usage > mvn comredhatvictimsmaven:security-versions:check [INFO] Scanning for projects [INFO] [INFO] -----------------------------------------------------------------
Maven Security Versions Identify vulnerable libraries in Maven dependencies The plugin is based on versions-maven-plugin It use the victims database has source for CVEs and Maven artifact mapping Usage > mvn comredhatvictimsmaven:security-versions:check [INFO] Scanning for projects [INFO] [INFO] -----------------------------------------------------------------
Vulmon