Hyperic HQ Known Vulnerabilities
Components of Hyperic HQ
Hyperic HQ is built with the following components. Please see the security advisories information for each component for more information on the security vulnerabilities and issues that may affect that component.
| Component | Security advisories |
|---|---|
| JBoss Application Server 4.0.x | No longer supported |
| JBoss Application Server 4.2.x | 4.2.x errata |
Hyperic HQ is built using the following versions of these components
| Hyperic HQ version | JBoss Application Server version |
|---|---|
| 3.2.x | 4.0.3 SP1 |
| 4.0.x | 4.0.3 SP1 |
| 4.1.x | 4.2.3 |
| 4.2.x | 4.2.3 |
Note that CVE-2009-3555, the SSL protocol MITM vulnerability, may be worked around via configuration. Since JBoss 4.2.x uses Apache Tomcat 6.0.x, details may be obtained from the Tomcat 6 security advisories page.
Known Vulnerabilities in Hyperic HQ
The following vulnerabilities are known to exist in Hyperic HQ. The information in this section may not be complete for unsupported versions. Users of unsupported versions are strongly encouraged to upgrade to a supported version.
| Date | Vulnerability | Fixed in version | |||
| 4.2 | 4.1 | 4.0 | 3.2 | ||
|---|---|---|---|---|---|
| 2 October 2009 | CVE-2009-2898 | 4.2-beta2 | 4.1.2.1 | 4.0.3.1 | 3.2.6.1 |
| 2 October 2009 | CVE-2009-2897 | 4.2-beta2 | 4.1.2.1 | 4.0.3.1 | 3.2.6.1 |