RHSA-2018:2185
Vulnerability Summary
Timeline
Description
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
CVSS Metrics
- v3.0•MEDIUM•Score: 6.2CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•jbcs-httpd24-apache-commons-daemon
< 0:1.1.0-1.redhat_2.1.jbcs.el7
- redhat•jbcs-httpd24-apache-commons-daemon-jsvc
< 1:1.1.0-1.redhat_2.jbcs.el7
- redhat•jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo
< 1:1.1.0-1.redhat_2.jbcs.el7
- redhat•jbcs-httpd24-apr
< 0:1.6.3-14.jbcs.el7
- redhat•jbcs-httpd24-apr-debuginfo
< 0:1.6.3-14.jbcs.el7
- redhat•jbcs-httpd24-apr-devel
< 0:1.6.3-14.jbcs.el7
- redhat•jbcs-httpd24-apr-util
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-debuginfo
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-devel
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-ldap
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-mysql
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-nss
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-odbc
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-openssl
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-pgsql
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-apr-util-sqlite
< 0:1.6.1-9.jbcs.el7
- redhat•jbcs-httpd24-httpd
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-httpd-debuginfo
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-httpd-devel
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-httpd-manual
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-httpd-selinux
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-httpd-tools
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-mod_auth_kerb
< 0:5.4-36.jbcs.el7
- redhat•jbcs-httpd24-mod_auth_kerb-debuginfo
< 0:5.4-36.jbcs.el7
- redhat•jbcs-httpd24-mod_bmx
< 0:0.9.6-17.GA.jbcs.el7
- redhat•jbcs-httpd24-mod_bmx-debuginfo
< 0:0.9.6-17.GA.jbcs.el7
- redhat•jbcs-httpd24-mod_cluster-native
< 0:1.3.8-1.Final_redhat_2.jbcs.el7
- redhat•jbcs-httpd24-mod_cluster-native-debuginfo
< 0:1.3.8-1.Final_redhat_2.jbcs.el7
- redhat•jbcs-httpd24-mod_jk
< 0:1.2.43-1.redhat_1.jbcs.el7
- redhat•jbcs-httpd24-mod_jk-ap24
< 0:1.2.43-1.redhat_1.jbcs.el7
- redhat•jbcs-httpd24-mod_jk-debuginfo
< 0:1.2.43-1.redhat_1.jbcs.el7
- redhat•jbcs-httpd24-mod_jk-manual
< 0:1.2.43-1.redhat_1.jbcs.el7
- redhat•jbcs-httpd24-mod_ldap
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-mod_proxy_html
< 1:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-mod_rt
< 0:2.4.1-19.GA.jbcs.el7
- redhat•jbcs-httpd24-mod_rt-debuginfo
< 0:2.4.1-19.GA.jbcs.el7
- redhat•jbcs-httpd24-mod_security
< 0:2.9.1-23.GA.jbcs.el7
- redhat•jbcs-httpd24-mod_security-debuginfo
< 0:2.9.1-23.GA.jbcs.el7
- redhat•jbcs-httpd24-mod_session
< 0:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-mod_ssl
< 1:2.4.29-17.jbcs.el7
- redhat•jbcs-httpd24-nghttp2
< 0:1.29.0-8.jbcs.el7
- redhat•jbcs-httpd24-nghttp2-debuginfo
< 0:1.29.0-8.jbcs.el7
- redhat•jbcs-httpd24-nghttp2-devel
< 0:1.29.0-8.jbcs.el7
- redhat•jbcs-httpd24-openssl
< 1:1.0.2n-11.jbcs.el7
- redhat•jbcs-httpd24-openssl-debuginfo
< 1:1.0.2n-11.jbcs.el7
- redhat•jbcs-httpd24-openssl-devel
< 1:1.0.2n-11.jbcs.el7
- redhat•jbcs-httpd24-openssl-libs
< 1:1.0.2n-11.jbcs.el7
- redhat•jbcs-httpd24-openssl-perl
< 1:1.0.2n-11.jbcs.el7
- redhat•jbcs-httpd24-openssl-static
< 1:1.0.2n-11.jbcs.el7
References (52)
- https://access.redhat.com/errata/RHSA-2018:2185
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/
- https://bugzilla.redhat.com/show_bug.cgi?id=1367340
- https://bugzilla.redhat.com/show_bug.cgi?id=1369855
- https://bugzilla.redhat.com/show_bug.cgi?id=1377594
- https://bugzilla.redhat.com/show_bug.cgi?id=1393929
- https://bugzilla.redhat.com/show_bug.cgi?id=1416852
- https://bugzilla.redhat.com/show_bug.cgi?id=1416856
- https://bugzilla.redhat.com/show_bug.cgi?id=1509169
- https://bugzilla.redhat.com/show_bug.cgi?id=1523504
- https://bugzilla.redhat.com/show_bug.cgi?id=1523510
- https://issues.redhat.com/browse/JBCS-373
- https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2185.json
- https://access.redhat.com/security/cve/CVE-2016-2182
- https://www.cve.org/CVERecord?id=CVE-2016-2182
- https://nvd.nist.gov/vuln/detail/CVE-2016-2182
- https://www.openssl.org/news/secadv/20160922.txt
- https://access.redhat.com/security/cve/CVE-2016-4975
- https://bugzilla.redhat.com/show_bug.cgi?id=1375968
- https://www.cve.org/CVERecord?id=CVE-2016-4975
- https://nvd.nist.gov/vuln/detail/CVE-2016-4975
- https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
- https://access.redhat.com/security/cve/CVE-2016-6302
- https://www.cve.org/CVERecord?id=CVE-2016-6302
- https://nvd.nist.gov/vuln/detail/CVE-2016-6302
- https://access.redhat.com/security/cve/CVE-2016-6306
- https://www.cve.org/CVERecord?id=CVE-2016-6306
- https://nvd.nist.gov/vuln/detail/CVE-2016-6306
- https://access.redhat.com/security/cve/CVE-2016-7055
- https://www.cve.org/CVERecord?id=CVE-2016-7055
- https://nvd.nist.gov/vuln/detail/CVE-2016-7055
- https://www.openssl.org/news/secadv/20161110.txt
- https://www.openssl.org/news/secadv/20170126.txt
- https://access.redhat.com/security/cve/CVE-2017-3731
- https://www.cve.org/CVERecord?id=CVE-2017-3731
- https://nvd.nist.gov/vuln/detail/CVE-2017-3731
- https://access.redhat.com/security/cve/CVE-2017-3732
- https://www.cve.org/CVERecord?id=CVE-2017-3732
- https://nvd.nist.gov/vuln/detail/CVE-2017-3732
- https://access.redhat.com/security/cve/CVE-2017-3736
- https://www.cve.org/CVERecord?id=CVE-2017-3736
- https://nvd.nist.gov/vuln/detail/CVE-2017-3736
- https://www.openssl.org/news/secadv/20171102.txt
- https://access.redhat.com/security/cve/CVE-2017-3737
- https://www.cve.org/CVERecord?id=CVE-2017-3737
- https://nvd.nist.gov/vuln/detail/CVE-2017-3737
- https://www.openssl.org/news/secadv/20171207.txt
- https://access.redhat.com/security/cve/CVE-2017-3738
- https://www.cve.org/CVERecord?id=CVE-2017-3738
- https://nvd.nist.gov/vuln/detail/CVE-2017-3738