RHSA-2011:0896Medium

Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update

Published
June 22, 2011
Last Modified
June 27, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2008-7270 — openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack CVE-2009-3245 — openssl: missing bn_wexpand return value checks CVE-2009-3560 — expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences CVE-2009-3720 — expat: buffer over-read and crash on XML with malformed UTF-8 sequences CVE-2009-3767 — OpenLDAP: Doesn't properly handle NULL character in subject Common Name CVE-2010-1157 — tomcat: information disclosure in authentication headers CVE-2010-1452 — mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments CVE-2010-1623 — apr-util: high memory consumption in apr_brigade_split_line() CVE-2010-3718 — tomcat: file permission bypass flaw CVE-2010-4172 — tomcat: cross-site-scripting vulnerability in the manager application CVE-2010-4180 — openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack CVE-2011-0013 — tomcat: XSS vulnerability in HTML Manager interface CVE-2011-0419 — apr: unconstrained recursion in apr_fnmatch CVE-2012-4557 — httpd: mod_proxy_ajp worker moved to error state when timeout exceeded

🔗 References (19)