RHSA-2016:1635

Description

Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 Service Pack 1 security update

CVSS Metrics

• v3.0•MEDIUM•Score: 5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Affected Systems

• redhat•httpd24

  < 0:2.4.6-62.ep7.el7

• redhat•httpd24-debuginfo

  < 0:2.4.6-62.ep7.el7

• redhat•httpd24-devel

  < 0:2.4.6-62.ep7.el7

• redhat•httpd24-manual

  < 0:2.4.6-62.ep7.el7

• redhat•httpd24-tools

  < 0:2.4.6-62.ep7.el7

• redhat•mod_ldap24

  < 0:2.4.6-62.ep7.el7

• redhat•mod_proxy24_html

  < 1:2.4.6-62.ep7.el7

• redhat•mod_session24

  < 0:2.4.6-62.ep7.el7

• redhat•mod_ssl24

  < 1:2.4.6-62.ep7.el7

• redhat•tomcat7

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-admin-webapps

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-docs-webapp

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-el-2.2-api

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-javadoc

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-jsp-2.2-api

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-lib

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-log4j

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-servlet-3.0-api

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat7-webapps

  < 0:7.0.59-51_patch_01.ep7.el7

• redhat•tomcat8

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-admin-webapps

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-docs-webapp

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-el-2.2-api

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-javadoc

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-jsp-2.3-api

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-lib

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-log4j

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-servlet-3.1-api

  < 0:8.0.18-62_patch_01.ep7.el7

• redhat•tomcat8-webapps

  < 0:8.0.18-62_patch_01.ep7.el7

References (17)

• https://access.redhat.com/errata/RHSA-2016:1635
• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html
• https://access.redhat.com/security/vulnerabilities/httpoxy
• https://access.redhat.com/solutions/2435491
• https://bugzilla.redhat.com/show_bug.cgi?id=1353755
• https://bugzilla.redhat.com/show_bug.cgi?id=1353809
• https://issues.redhat.com/browse/JWS-483
• https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1635.json
• https://access.redhat.com/security/cve/CVE-2016-5387
• https://www.cve.org/CVERecord?id=CVE-2016-5387
• https://nvd.nist.gov/vuln/detail/CVE-2016-5387
• https://httpoxy.org/
• https://www.apache.org/security/asf-httpoxy-response.txt
• https://access.redhat.com/security/cve/CVE-2016-5388
• https://www.cve.org/CVERecord?id=CVE-2016-5388
• https://nvd.nist.gov/vuln/detail/CVE-2016-5388