
Reference: CERT-EU Security Advisory 2014-026

Title: JBoss Enterprise Application Platform update [1]

Version history:
06.03.2014 Initial publication


Summary
=======
An update for Red Hat JBoss Enterprise Application Platform 6.2.1 is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

CVE numbers: 
CVE-2014-0050 CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Versions
=================
JBoss Enterprise Application Platform 6.2.1

Original Details
================
A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in the JBoss Web component of JBoss EAP, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)
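
A defensive pre-filter for the malformed multipart Content-Type headers mentioned above, as an added example that is not part of the CERT-EU advisory or of Red Hat's fix: it rejects multipart requests whose boundary parameter is missing, repeated or outside the limits of RFC 2046 before they reach the upload parser. The function names and sample headers are constructed, and that this validation stops the specific malformed header is an assumption; installing the update remains the fix.

```python
import re

# RFC 2046 section 5.1.1: a boundary is 1-70 characters taken from this set
# and must not end with a space.
_BCHARS = r"0-9A-Za-z'()+_,\-./:=? "
_BOUNDARY_RE = re.compile(rf"[{_BCHARS}]{{0,69}}[{_BCHARS.rstrip()}]")
# Header parameters: ;name=value, where value is a quoted string or a bare token.
_PARAM_RE = re.compile(r';\s*([^=;\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')


def check_multipart_content_type(value):
    """Return (ok, reason) for one Content-Type header value."""
    media_type, sep, rest = value.partition(";")
    if not media_type.strip().lower().startswith("multipart/"):
        return True, "not multipart"
    found = [m.group(2).strip() for m in _PARAM_RE.finditer(sep + rest)
             if m.group(1).lower() == "boundary"]
    if len(found) != 1:
        return False, "expected exactly one boundary parameter, got %d" % len(found)
    boundary = found[0]
    if len(boundary) >= 2 and boundary[0] == boundary[-1] == '"':
        boundary = boundary[1:-1]  # strip the surrounding quotes
    if not boundary:
        return False, "empty boundary"
    if len(boundary) > 70:
        return False, "boundary longer than 70 characters"
    if not _BOUNDARY_RE.fullmatch(boundary):
        return False, "boundary has characters outside RFC 2046 bchars"
    return True, "ok"


def triage(headers):
    """Return the (header, reason) pairs that should be rejected or logged."""
    rejected = []
    for header in headers:
        ok, reason = check_multipart_content_type(header)
        if not ok:
            rejected.append((header, reason))
    return rejected


if __name__ == "__main__":
    # Constructed sample headers, not taken from real traffic.
    samples = [
        "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
        "multipart/form-data",
        "multipart/form-data; boundary=" + "A" * 200,
        'multipart/form-data; boundary="a b"; boundary=x',
    ]
    for header, reason in triage(samples):
        print("REJECT %-50.50s %s" % (header, reason))
```
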

What can you do?
================
This update is available via the Red Hat Network. [1]


What to tell your users
=======================

N/A

More information
================
[1]  https://rhn.redhat.com/errata/RHSA-2014-0252.html

Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
