Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It comprises the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could use
Trailer headers to set additional HTTP headers after header processing was
performed by other modules. This could, for example, lead to a bypass of
header restrictions defined with mod_headers. (CVE-2013-5704)
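
The two flaw classes above can be illustrated from the defender's side with a strict chunked-body decoder. This is an added example, not code from the advisory, Red Hat or the Apache project: it rejects any framing that a proxy and a backend could read differently, and it returns trailer fields separately instead of merging them into the request headers. The forbidden-trailer list, the function names and the sample bytes are assumptions made for this illustration.

```python
import re

# Constructed policy for this example: trailer names a server should never honour.
FORBIDDEN_TRAILERS = {b"host", b"content-length", b"transfer-encoding",
                      b"authorization", b"cookie", b"x-forwarded-for"}
CHUNK_LINE = re.compile(rb"([0-9A-Fa-f]{1,8})(;[\x21-\x7e]*)?")  # hex size, optional extension
TOKEN = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")              # RFC 7230 header-name token
SAMPLE = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\nX-Checksum: abc\r\n\r\n"  # constructed input

class ChunkedError(ValueError): pass  # framing a second parser might read differently

def read_line(buf, pos):
    end = buf.find(b"\r\n", pos)
    line = buf[pos:end]
    if end < 0 or b"\n" in line or b"\r" in line:
        raise ChunkedError("line not CRLF-terminated, or bare CR/LF inside it")
    return line, end + 2

def decode_chunked(buf):
    """Return (body, trailers, bytes_consumed) for one chunked message body."""
    pos, body, trailers = 0, bytearray(), []
    while True:
        line, pos = read_line(buf, pos)
        m = CHUNK_LINE.fullmatch(line)
        if not m:
            raise ChunkedError(f"malformed chunk-size line {line!r}")
        size = int(m.group(1), 16)
        if size == 0:
            break
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    while True:  # trailer section: kept apart from the request headers
        line, pos = read_line(buf, pos)
        if not line:
            return bytes(body), trailers, pos
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            raise ChunkedError(f"malformed trailer line {line!r}")
        if name.lower() in FORBIDDEN_TRAILERS:
            raise ChunkedError(f"trailer may not set {name.decode()!r}")
        trailers.append((name.decode(), value.strip().decode("latin-1")))

def is_acceptable(buf):
    try:
        return bool(decode_chunked(buf))
    except ChunkedError:
        return False
```

The `bytes_consumed` value marks where the next request on the connection begins; a front end and a back end that disagree on that offset are in the desynchronised state the advisory describes.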

Users of httpd or httpd22 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, the httpd or httpd22 service must be restarted
manually for this update to take effect.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | httpd22-devel | < 2.2.26-42.ep6.el7 | httpd22-devel-2.2.26-42.ep6.el7.x86_64.rpm |
RedHat | 7 | x86_64 | mod_ssl22 | < 2.2.26-42.ep6.el7 | mod_ssl22-2.2.26-42.ep6.el7.x86_64.rpm |
RedHat | 5 | src | httpd | < 2.2.26-41.ep6.el5 | httpd-2.2.26-41.ep6.el5.src.rpm |
RedHat | 5 | x86_64 | mod_ssl | < 2.2.26-41.ep6.el5 | mod_ssl-2.2.26-41.ep6.el5.x86_64.rpm |
RedHat | 7 | x86_64 | httpd22-debuginfo | < 2.2.26-42.ep6.el7 | httpd22-debuginfo-2.2.26-42.ep6.el7.x86_64.rpm |
RedHat | 6 | x86_64 | mod_cluster-native-debuginfo | < 1.2.9-6.Final_redhat_2.ep6.el6 | mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el6.x86_64.rpm |
RedHat | 5 | i386 | httpd | < 2.2.26-41.ep6.el5 | httpd-2.2.26-41.ep6.el5.i386.rpm |
RedHat | 6 | i386 | mod_ssl | < 2.2.26-41.ep6.el6 | mod_ssl-2.2.26-41.ep6.el6.i386.rpm |
RedHat | 5 | src | mod_cluster-native | < 1.2.9-6.Final_redhat_2.ep6.el5 | mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el5.src.rpm |
RedHat | 6 | i386 | httpd-tools | < 2.2.26-41.ep6.el6 | httpd-tools-2.2.26-41.ep6.el6.i386.rpm |