Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.

It was found that Tomcat would keep connections open after processing
requests with a large enough request body. A remote attacker could
potentially use this flaw to exhaust the pool of available connections
and prevent further, legitimate connections to the Tomcat server.
(CVE-2014-0230)

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could
use Trailer headers to set additional HTTP headers after header
processing was performed by other modules. This could, for example,
lead to a bypass of header restrictions defined with mod_headers.
(CVE-2013-5704)

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could
use these flaws to create a specially crafted request, which httpd
would decode differently from HTTP proxy software in front of it,
possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

Users of Red Hat JBoss Web Server are advised to upgrade to these
updated packages, which add this enhancement.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | mod_bmx | < 0.9.5-7.GA.ep7.el6 | mod_bmx-0.9.5-7.GA.ep7.el6.i686.rpm |
RedHat | 6 | i686 | httpd24-debuginfo | < 2.4.6-59.ep7.el6 | httpd24-debuginfo-2.4.6-59.ep7.el6.i686.rpm |
RedHat | 6 | noarch | tomcat7 | < 7.0.59-42_patch_01.ep7.el6 | tomcat7-7.0.59-42_patch_01.ep7.el6.noarch.rpm |
RedHat | 6 | x86_64 | httpd24 | < 2.4.6-59.ep7.el6 | httpd24-2.4.6-59.ep7.el6.x86_64.rpm |
RedHat | 6 | noarch | tomcat7-servlet-3.0-api | < 7.0.59-42_patch_01.ep7.el6 | tomcat7-servlet-3.0-api-7.0.59-42_patch_01.ep7.el6.noarch.rpm |
RedHat | 6 | noarch | tomcat8-webapps | < 8.0.18-52_patch_01.ep7.el6 | tomcat8-webapps-8.0.18-52_patch_01.ep7.el6.noarch.rpm |
RedHat | 6 | i686 | httpd24-devel | < 2.4.6-59.ep7.el6 | httpd24-devel-2.4.6-59.ep7.el6.i686.rpm |
RedHat | 6 | src | httpd24 | < 2.4.6-59.ep7.el6 | httpd24-2.4.6-59.ep7.el6.src.rpm |
RedHat | 6 | i686 | mod_ldap24 | < 2.4.6-59.ep7.el6 | mod_ldap24-2.4.6-59.ep7.el6.i686.rpm |
RedHat | 6 | x86_64 | mod_bmx | < 0.9.5-7.GA.ep7.el6 | mod_bmx-0.9.5-7.GA.ep7.el6.x86_64.rpm |
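
One way to check a host against the package table above, as an added example that is not part of the advisory or of Red Hat tooling: it compares installed builds with the listed versions using a simplified rpm ordering. The inventory lines are constructed, the function names are hypothetical, and equal epochs are assumed.

```python
import re

# Fixed version-release per package, copied from the advisory table (subset).
FIXED = {
    "mod_bmx": "0.9.5-7.GA.ep7.el6",
    "httpd24": "2.4.6-59.ep7.el6",
    "mod_ldap24": "2.4.6-59.ep7.el6",
    "tomcat7": "7.0.59-42_patch_01.ep7.el6",
    "tomcat8-webapps": "8.0.18-52_patch_01.ep7.el6",
}

def rpmvercmp(a, b):
    """rpm-style segment comparison (simplified: no '~' or '^'); returns -1, 0 or 1."""
    ta, tb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # leftover segments mean newer

def evr_cmp(a, b):
    """Compare 'version-release' strings; the epoch is assumed equal."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(inventory):
    """Return [(name, installed, fixed)] for packages older than the fixed build."""
    stale = []
    for line in inventory.strip().splitlines():
        name, evr, _arch = line.split()
        fixed = FIXED.get(name)
        if fixed and evr_cmp(evr, fixed) < 0:
            stale.append((name, evr, fixed))
    return stale

# Constructed sample inventory, in the shape printed by:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """
httpd24 2.4.6-57.ep7.el6 x86_64
mod_bmx 0.9.5-7.GA.ep7.el6 x86_64
tomcat7 7.0.59-42.ep7.el6 noarch
tomcat8-webapps 8.0.18-52_patch_02.ep7.el6 noarch
bash 4.1.2-33.el6 x86_64
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The `tomcat7` row shows why a plain string comparison is not enough: release `42.ep7.el6` sorts before `42_patch_01.ep7.el6` only when the strings are split into segments first.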