RHSA-2017:3113

Description

Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update

CVSS Metrics

• v3.0•HIGH•Score: 8.1CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•httpd

  < 0:2.2.26-57.ep6.el6

• redhat•httpd-debuginfo

  < 0:2.2.26-57.ep6.el6

• redhat•httpd-devel

  < 0:2.2.26-57.ep6.el6

• redhat•httpd-manual

  < 0:2.2.26-57.ep6.el6

• redhat•httpd-tools

  < 0:2.2.26-57.ep6.el6

• redhat•httpd22

  < 0:2.2.26-58.ep6.el7

• redhat•httpd22-debuginfo

  < 0:2.2.26-58.ep6.el7

• redhat•httpd22-devel

  < 0:2.2.26-58.ep6.el7

• redhat•httpd22-manual

  < 0:2.2.26-58.ep6.el7

• redhat•httpd22-tools

  < 0:2.2.26-58.ep6.el7

• redhat•jbcs-httpd24-openssl

  < 1:1.0.2h-14.jbcs.el6 | < 1:1.0.2h-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-debuginfo

  < 1:1.0.2h-14.jbcs.el6 | < 1:1.0.2h-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-devel

  < 1:1.0.2h-14.jbcs.el6 | < 1:1.0.2h-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-libs

  < 1:1.0.2h-14.jbcs.el6 | < 1:1.0.2h-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-perl

  < 1:1.0.2h-14.jbcs.el6 | < 1:1.0.2h-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-static

  < 1:1.0.2h-14.jbcs.el6 | < 1:1.0.2h-14.jbcs.el7

• redhat•mod_cluster-native

  < 0:1.2.13-9.Final_redhat_2.ep6.el6 | < 0:1.2.13-9.Final_redhat_2.ep6.el7

• redhat•mod_cluster-native-debuginfo

  < 0:1.2.13-9.Final_redhat_2.ep6.el6 | < 0:1.2.13-9.Final_redhat_2.ep6.el7

• redhat•mod_ldap

  < 0:2.2.26-57.ep6.el6

• redhat•mod_ldap22

  < 0:2.2.26-58.ep6.el7

• redhat•mod_ssl

  < 1:2.2.26-57.ep6.el6

• redhat•mod_ssl22

  < 1:2.2.26-58.ep6.el7

• redhat•tomcat6

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-admin-webapps

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-docs-webapp

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-el-2.1-api

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-javadoc

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-jsp-2.1-api

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-lib

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-log4j

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-maven-devel

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-servlet-2.5-api

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat6-webapps

  < 0:6.0.41-19_patch_04.ep6.el6 | < 0:6.0.41-19_patch_04.ep6.el7

• redhat•tomcat7

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-admin-webapps

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-docs-webapp

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-el-2.2-api

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-javadoc

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-jsp-2.2-api

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-lib

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-log4j

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-maven-devel

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-servlet-3.0-api

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

• redhat•tomcat7-webapps

  < 0:7.0.54-28_patch_05.ep6.el6 | < 0:7.0.54-28_patch_05.ep6.el7

References (35)

• https://access.redhat.com/errata/RHSA-2017:3113
• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/articles/3227901
• https://bugzilla.redhat.com/show_bug.cgi?id=1369383
• https://bugzilla.redhat.com/show_bug.cgi?id=1470748
• https://bugzilla.redhat.com/show_bug.cgi?id=1490344
• https://bugzilla.redhat.com/show_bug.cgi?id=1493075
• https://bugzilla.redhat.com/show_bug.cgi?id=1493220
• https://bugzilla.redhat.com/show_bug.cgi?id=1494283
• https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3113.json
• https://access.redhat.com/security/cve/CVE-2016-2183
• https://www.cve.org/CVERecord?id=CVE-2016-2183
• https://nvd.nist.gov/vuln/detail/CVE-2016-2183
• https://access.redhat.com/articles/2548661
• https://access.redhat.com/errata/RHSA-2016:1940
• https://sweet32.info/
• https://access.redhat.com/security/cve/CVE-2017-9788
• https://www.cve.org/CVERecord?id=CVE-2017-9788
• https://nvd.nist.gov/vuln/detail/CVE-2017-9788
• https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34
• https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
• https://access.redhat.com/security/cve/CVE-2017-9798
• https://www.cve.org/CVERecord?id=CVE-2017-9798
• https://nvd.nist.gov/vuln/detail/CVE-2017-9798
• https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
• https://access.redhat.com/security/cve/CVE-2017-12615
• https://www.cve.org/CVERecord?id=CVE-2017-12615
• https://nvd.nist.gov/vuln/detail/CVE-2017-12615
• https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://access.redhat.com/security/cve/CVE-2017-12617
• https://www.cve.org/CVERecord?id=CVE-2017-12617
• https://nvd.nist.gov/vuln/detail/CVE-2017-12617
• https://tomcat.apache.org/security-7.html
• https://tomcat.apache.org/security-8.html