Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update
🔗 CVE IDs covered (14)
📋 Description
CVE-2008-7270 — openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack CVE-2009-3245 — openssl: missing bn_wexpand return value checks CVE-2009-3560 — expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences CVE-2009-3720 — expat: buffer over-read and crash on XML with malformed UTF-8 sequences CVE-2009-3767 — OpenLDAP: Doesn't properly handle NULL character in subject Common Name CVE-2010-1157 — tomcat: information disclosure in authentication headers CVE-2010-1452 — mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments CVE-2010-1623 — apr-util: high memory consumption in apr_brigade_split_line() CVE-2010-3718 — tomcat: file permission bypass flaw CVE-2010-4172 — tomcat: cross-site-scripting vulnerability in the manager application CVE-2010-4180 — openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack CVE-2011-0013 — tomcat: XSS vulnerability in HTML Manager interface CVE-2011-0419 — apr: unconstrained recursion in apr_fnmatch CVE-2012-4557 — httpd: mod_proxy_ajp worker moved to error state when timeout exceeded
🔗 References (19)
- selfhttps://access.redhat.com/errata/RHSA-2011:0896
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttp://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=1.0.2
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=530715
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=531697
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=533174
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=570924
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=585331
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=618189
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=632994
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=640281
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=656246
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=659462
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=660650
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=675786
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=675792
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=703390
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0896.json