RHSA-2017:1802HighCVSS 9.8
Red Hat Security Advisory: Red Hat JBoss Web Server Service Pack 1 security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2016-6304 — openssl: OCSP Status Request extension unbounded memory growth CVE-2016-7056 — openssl: ECDSA P-256 timing attack key recovery CVE-2016-8610 — SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS CVE-2017-5645 — log4j: Socket receiver deserialization vulnerability CVE-2017-5647 — tomcat: Incorrect handling of pipelined requests when send file was used CVE-2017-5648 — tomcat: Calls to application listeners did not use the appropriate facade object CVE-2017-5664 — tomcat: Security constrained bypass in error page mechanism CVE-2017-7674 — tomcat: Vary header not added by CORS filter leading to cache poisoning CVE-2019-17571 — log4j: deserialization of untrusted data in SocketServer
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2017:1802
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=3.1
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html
- externalhttps://access.redhat.com/security/vulnerabilities/httpoxy
- externalhttps://access.redhat.com/solutions/2435491
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441205
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441223
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1443635
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1459158
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1802.json