RHSA-2017:1801HighCVSS 9.8
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2016-6304 — openssl: OCSP Status Request extension unbounded memory growth CVE-2016-7056 — openssl: ECDSA P-256 timing attack key recovery CVE-2016-8610 — SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS CVE-2017-5645 — log4j: Socket receiver deserialization vulnerability CVE-2017-5647 — tomcat: Incorrect handling of pipelined requests when send file was used CVE-2017-5648 — tomcat: Calls to application listeners did not use the appropriate facade object CVE-2017-5664 — tomcat: Security constrained bypass in error page mechanism CVE-2017-7674 — tomcat: Vary header not added by CORS filter leading to cache poisoning CVE-2019-17571 — log4j: deserialization of untrusted data in SocketServer
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2017:1801
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441205
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441223
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1443635
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1459158
- externalhttps://issues.redhat.com/browse/JWS-657
- externalhttps://issues.redhat.com/browse/JWS-667
- externalhttps://issues.redhat.com/browse/JWS-695
- externalhttps://issues.redhat.com/browse/JWS-709
- externalhttps://issues.redhat.com/browse/JWS-716
- externalhttps://issues.redhat.com/browse/JWS-717
- externalhttps://issues.redhat.com/browse/JWS-725
- externalhttps://issues.redhat.com/browse/JWS-741
- externalhttps://issues.redhat.com/browse/JWS-760
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1801.json