RHSA-2015:2659

Description

Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.2 security update

CVSS Metrics

• v3.0•MEDIUM•Score: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Systems

• redhat•apache-commons-collections-eap6

  < 0:3.2.1-18.redhat_7.1.ep6.el6

• redhat•apache-commons-collections-tomcat-eap6

  < 0:3.2.1-18.redhat_7.1.ep6.el6

• redhat•httpd24

  < 0:2.4.6-59.ep7.el6

• redhat•httpd24-debuginfo

  < 0:2.4.6-59.ep7.el6

• redhat•httpd24-devel

  < 0:2.4.6-59.ep7.el6

• redhat•httpd24-manual

  < 0:2.4.6-59.ep7.el6

• redhat•httpd24-tools

  < 0:2.4.6-59.ep7.el6

• redhat•mod_bmx

  < 0:0.9.5-7.GA.ep7.el6

• redhat•mod_bmx-debuginfo

  < 0:0.9.5-7.GA.ep7.el6

• redhat•mod_cluster-native

  < 0:1.3.1-6.Final_redhat_2.ep7.el6

• redhat•mod_cluster-native-debuginfo

  < 0:1.3.1-6.Final_redhat_2.ep7.el6

• redhat•mod_ldap24

  < 0:2.4.6-59.ep7.el6

• redhat•mod_proxy24_html

  < 1:2.4.6-59.ep7.el6

• redhat•mod_session24

  < 0:2.4.6-59.ep7.el6

• redhat•mod_ssl24

  < 1:2.4.6-59.ep7.el6

• redhat•tomcat-vault

  < 0:1.0.8-4.Final_redhat_4.1.ep7.el6

• redhat•tomcat7

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-admin-webapps

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-docs-webapp

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-el-2.2-api

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-javadoc

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-jsp-2.2-api

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-lib

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-log4j

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-servlet-3.0-api

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat7-webapps

  < 0:7.0.59-42_patch_01.ep7.el6

• redhat•tomcat8

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-admin-webapps

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-docs-webapp

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-el-2.2-api

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-javadoc

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-jsp-2.3-api

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-lib

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-log4j

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-servlet-3.1-api

  < 0:8.0.18-52_patch_01.ep7.el6

• redhat•tomcat8-webapps

  < 0:8.0.18-52_patch_01.ep7.el6

References (31)

• https://access.redhat.com/errata/RHSA-2015:2659
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=1082903
• https://bugzilla.redhat.com/show_bug.cgi?id=1191200
• https://bugzilla.redhat.com/show_bug.cgi?id=1243887
• https://bugzilla.redhat.com/show_bug.cgi?id=1263879
• https://issues.redhat.com/browse/JWS-219
• https://issues.redhat.com/browse/JWS-220
• https://issues.redhat.com/browse/JWS-228
• https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2659.json
• https://access.redhat.com/security/cve/CVE-2013-5704
• https://www.cve.org/CVERecord?id=CVE-2013-5704
• https://nvd.nist.gov/vuln/detail/CVE-2013-5704
• https://access.redhat.com/security/cve/CVE-2014-0230
• https://www.cve.org/CVERecord?id=CVE-2014-0230
• https://nvd.nist.gov/vuln/detail/CVE-2014-0230
• http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
• http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9
• https://access.redhat.com/security/cve/CVE-2014-3581
• https://bugzilla.redhat.com/show_bug.cgi?id=1149709
• https://www.cve.org/CVERecord?id=CVE-2014-3581
• https://nvd.nist.gov/vuln/detail/CVE-2014-3581
• https://access.redhat.com/security/cve/CVE-2015-3183
• https://www.cve.org/CVERecord?id=CVE-2015-3183
• https://nvd.nist.gov/vuln/detail/CVE-2015-3183
• https://access.redhat.com/security/cve/CVE-2015-5174
• https://bugzilla.redhat.com/show_bug.cgi?id=1265698
• https://www.cve.org/CVERecord?id=CVE-2015-5174
• https://nvd.nist.gov/vuln/detail/CVE-2015-5174
• http://seclists.org/bugtraq/2016/Feb/149