- Home
- CVEs with nessus.description==An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6
and Red Hat JBoss Web Server 3.1 for RHEL 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as
a replacement for Red Hat JBoss Web Server 3.1, and includes bug
fixes, which are documented in the Release Notes document linked to in
the References.
Security Fix(es) :
* apr: Out-of-bounds array deref in apr_time_exp*() functions
(CVE-2017-12613)
* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)
* tomcat: Information Disclosure when using VirtualDirContext
(CVE-2017-12616)
* tomcat: Remote Code Execution bypass for CVE-2017-12615
(CVE-2017-12617)
* tomcat-native: Mishandling of client certificates can allow for OCSP
check bypass (CVE-2017-15698)
* tomcat: Incorrect handling of empty string URL in security
constraints can lead to unintended exposure of resources
(CVE-2018-1304)
* tomcat: Late application of security constraints can lead to
resource exposure for unauthorised users (CVE-2018-1305)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top