Lucene search

HistoryAug 13, 2015 - 3:24 p.m.

(RHSA-2015:1622) Moderate: Red Hat JBoss Web Server 2.1.0 tomcat security update


0.073 Low




Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

It was found that the expression language resolver evaluated expressions
within a privileged code section. A malicious web application could use
this flaw to bypass security manager protections. (CVE-2014-7810)

It was found that Tomcat would keep connections open after processing
requests with a large enough request body. A remote attacker could
potentially use this flaw to exhaust the pool of available connections and
preventing further, legitimate connections to the Tomcat server to be made.

All users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat
Customer Portal are advised to apply this update. The Red Hat JBoss Web
Server process must be restarted for the update to take effect.