RHSA-2017:0455
Advisory lineage Upstream: 11 Downstream: 0
Published: 29 Sept 2024, 17:09
Last modified:15 May 2026, 10:04
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
8.1 HIGH
3.0 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
29 Sept 2024, 17:09
Published
Vulnerability first disclosed
15 May 2026, 10:04
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
CVSS Metrics
- v3.0•HIGH•Score: 8.1CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•hibernate4-c3p0-eap6
< 0:4.2.23-1.Final_redhat_1.1.ep6.el6
- redhat•hibernate4-core-eap6
< 0:4.2.23-1.Final_redhat_1.1.ep6.el6
- redhat•hibernate4-eap6
< 0:4.2.23-1.Final_redhat_1.1.ep6.el6
- redhat•hibernate4-entitymanager-eap6
< 0:4.2.23-1.Final_redhat_1.1.ep6.el6
- redhat•hibernate4-envers-eap6
< 0:4.2.23-1.Final_redhat_1.1.ep6.el6
- redhat•jbcs-httpd24-apache-commons-daemon
< 0:1.0.15-1.redhat_2.1.jbcs.el6
- redhat•jbcs-httpd24-apache-commons-daemon-jsvc
< 1:1.0.15-17.redhat_2.jbcs.el6
- redhat•jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo
< 1:1.0.15-17.redhat_2.jbcs.el6
- redhat•jbcs-httpd24-runtime
< 0:1-3.jbcs.el6
- redhat•mod_cluster
< 0:1.3.5-2.Final_redhat_2.1.ep7.el6
- redhat•mod_cluster-tomcat7
< 0:1.3.5-2.Final_redhat_2.1.ep7.el6
- redhat•mod_cluster-tomcat8
< 0:1.3.5-2.Final_redhat_2.1.ep7.el6
- redhat•tomcat-native
< 0:1.2.8-9.redhat_9.ep7.el6
- redhat•tomcat-native-debuginfo
< 0:1.2.8-9.redhat_9.ep7.el6
- redhat•tomcat-vault
< 0:1.0.8-9.Final_redhat_2.1.ep7.el6
- redhat•tomcat7
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-admin-webapps
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-docs-webapp
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-el-2.2-api
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-javadoc
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-jsp-2.2-api
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-jsvc
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-lib
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-log4j
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-selinux
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-servlet-3.0-api
< 0:7.0.70-16.ep7.el6
- redhat•tomcat7-webapps
< 0:7.0.70-16.ep7.el6
- redhat•tomcat8
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-admin-webapps
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-docs-webapp
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-el-2.2-api
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-javadoc
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-jsp-2.3-api
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-jsvc
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-lib
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-log4j
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-selinux
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-servlet-3.1-api
< 0:8.0.36-17.ep7.el6
- redhat•tomcat8-webapps
< 0:8.0.36-17.ep7.el6
References (65)
- https://access.redhat.com/errata/RHSA-2017:0455
- https://access.redhat.com/security/updates/classification/#important
- https://bugzilla.redhat.com/show_bug.cgi?id=1349468
- https://bugzilla.redhat.com/show_bug.cgi?id=1367447
- https://bugzilla.redhat.com/show_bug.cgi?id=1376712
- https://bugzilla.redhat.com/show_bug.cgi?id=1390493
- https://bugzilla.redhat.com/show_bug.cgi?id=1390515
- https://bugzilla.redhat.com/show_bug.cgi?id=1390520
- https://bugzilla.redhat.com/show_bug.cgi?id=1390525
- https://bugzilla.redhat.com/show_bug.cgi?id=1390526
- https://bugzilla.redhat.com/show_bug.cgi?id=1397484
- https://bugzilla.redhat.com/show_bug.cgi?id=1397485
- https://bugzilla.redhat.com/show_bug.cgi?id=1403824
- https://issues.redhat.com/browse/JWS-267
- https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0455.json
- https://access.redhat.com/security/cve/CVE-2016-0762
- https://www.cve.org/CVERecord?id=CVE-2016-0762
- https://nvd.nist.gov/vuln/detail/CVE-2016-0762
- https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47
- https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37
- https://access.redhat.com/security/cve/CVE-2016-1240
- https://www.cve.org/CVERecord?id=CVE-2016-1240
- https://nvd.nist.gov/vuln/detail/CVE-2016-1240
- http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt
- https://access.redhat.com/security/cve/CVE-2016-3092
- https://www.cve.org/CVERecord?id=CVE-2016-3092
- https://nvd.nist.gov/vuln/detail/CVE-2016-3092
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- https://access.redhat.com/security/cve/CVE-2016-5018
- https://www.cve.org/CVERecord?id=CVE-2016-5018
- https://nvd.nist.gov/vuln/detail/CVE-2016-5018
- https://access.redhat.com/security/cve/CVE-2016-6325
- https://www.cve.org/CVERecord?id=CVE-2016-6325
- https://nvd.nist.gov/vuln/detail/CVE-2016-6325
- https://access.redhat.com/security/cve/CVE-2016-6794
- https://www.cve.org/CVERecord?id=CVE-2016-6794
- https://nvd.nist.gov/vuln/detail/CVE-2016-6794
- https://access.redhat.com/security/cve/CVE-2016-6796
- https://www.cve.org/CVERecord?id=CVE-2016-6796
- https://nvd.nist.gov/vuln/detail/CVE-2016-6796
- https://access.redhat.com/security/cve/CVE-2016-6797
- https://www.cve.org/CVERecord?id=CVE-2016-6797
- https://nvd.nist.gov/vuln/detail/CVE-2016-6797
- https://access.redhat.com/security/cve/CVE-2016-6816
- https://www.cve.org/CVERecord?id=CVE-2016-6816
- https://nvd.nist.gov/vuln/detail/CVE-2016-6816
- https://access.redhat.com/articles/2991951
- https://access.redhat.com/solutions/2891171
- https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48
- https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8
- https://access.redhat.com/security/cve/CVE-2016-8735
- https://www.cve.org/CVERecord?id=CVE-2016-8735
- https://nvd.nist.gov/vuln/detail/CVE-2016-8735
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://access.redhat.com/security/cve/CVE-2016-8745
- https://www.cve.org/CVERecord?id=CVE-2016-8745
- https://nvd.nist.gov/vuln/detail/CVE-2016-8745
- https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49
- https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9