RHSA-2016:2056 | High | CVSS 5.6
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.10 update
🔗 CVE IDs covered (9)
📋 Description
- CVE-2015-3183 — httpd: HTTP request smuggling attack against chunked request parser
- CVE-2015-3195 — OpenSSL: X509_ATTRIBUTE memory leak
- CVE-2015-4000 — LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
- CVE-2016-2105 — openssl: EVP_EncodeUpdate overflow
- CVE-2016-2106 — openssl: EVP_EncryptUpdate overflow
- CVE-2016-2108 — openssl: Memory corruption in the ASN.1 encoder
- CVE-2016-2109 — openssl: ASN.1 BIO handling of large amounts of data
- CVE-2016-3110 — mod_cluster: remotely Segfault Apache http server
- CVE-2016-4459 — mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute
🔗 References (16)
- self: https://access.redhat.com/errata/RHSA-2016:2056
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://access.redhat.com/articles/2688611
- external: https://access.redhat.com/solutions/222023
- external: https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- external: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1223211
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1243887
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1288322
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1326320
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1330101
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1331402
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1331441
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1331536
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1341583
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2056.json