RHSA-2017:1801HighCVSS 9.8

Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update

Published
July 25, 2017
Last Modified
June 30, 2026

🔗 CVE IDs covered (9)

📋 Description

CVE-2016-6304 — openssl: OCSP Status Request extension unbounded memory growth CVE-2016-7056 — openssl: ECDSA P-256 timing attack key recovery CVE-2016-8610 — SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS CVE-2017-5645 — log4j: Socket receiver deserialization vulnerability CVE-2017-5647 — tomcat: Incorrect handling of pipelined requests when send file was used CVE-2017-5648 — tomcat: Calls to application listeners did not use the appropriate facade object CVE-2017-5664 — tomcat: Security constrained bypass in error page mechanism CVE-2017-7674 — tomcat: Vary header not added by CORS filter leading to cache poisoning CVE-2019-17571 — log4j: deserialization of untrusted data in SocketServer

🔗 References (16)