RHSA-2018:2469

Description

Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

CVSS Metrics

• v3.0•HIGH•Score: 7.1CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Affected Systems

• redhat•tomcat-native

  < 0:1.2.17-17.redhat_17.ep7.el6 | < 0:1.2.17-17.redhat_17.ep7.el7

• redhat•tomcat-native-debuginfo

  < 0:1.2.17-17.redhat_17.ep7.el6 | < 0:1.2.17-17.redhat_17.ep7.el7

• redhat•tomcat7

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-admin-webapps

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-docs-webapp

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-el-2.2-api

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-javadoc

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-jsp-2.2-api

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-jsvc

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-lib

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-log4j

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-selinux

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-servlet-3.0-api

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat7-webapps

  < 0:7.0.70-27.ep7.el6 | < 0:7.0.70-27.ep7.el7

• redhat•tomcat8

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-admin-webapps

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-docs-webapp

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-el-2.2-api

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-javadoc

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-jsp-2.3-api

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-jsvc

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-lib

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-log4j

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-selinux

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-servlet-3.1-api

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

• redhat•tomcat8-webapps

  < 0:8.0.36-31.ep7.el6 | < 0:8.0.36-31.ep7.el7

References (23)

• https://access.redhat.com/errata/RHSA-2018:2469
• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html-single/red_hat_jboss_web_server_3.1_service_pack_4_release_notes/
• https://bugzilla.redhat.com/show_bug.cgi?id=1579611
• https://bugzilla.redhat.com/show_bug.cgi?id=1581569
• https://bugzilla.redhat.com/show_bug.cgi?id=1583998
• https://issues.redhat.com/browse/JWS-1042
• https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2469.json
• https://access.redhat.com/security/cve/CVE-2018-8014
• https://www.cve.org/CVERecord?id=CVE-2018-8014
• https://nvd.nist.gov/vuln/detail/CVE-2018-8014
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89
• http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53
• http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32
• http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.9
• https://access.redhat.com/security/cve/CVE-2018-8019
• https://www.cve.org/CVERecord?id=CVE-2018-8019
• https://nvd.nist.gov/vuln/detail/CVE-2018-8019
• http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E
• http://tomcat.apache.org/security-native.html#Fixed_in_Apache_Tomcat_Native_Connector_1.2.17
• https://access.redhat.com/security/cve/CVE-2018-8020
• https://www.cve.org/CVERecord?id=CVE-2018-8020
• https://nvd.nist.gov/vuln/detail/CVE-2018-8020