RHEL 6 : JBoss Web Server (RHSA-2016:2807)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update is now available for Red Hat JBoss Enterprise Web Server 2
for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.

This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement
for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the
Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web
Server need to apply the fixes delivered in this release.

Security Fix(es) :

* A CSRF flaw was found in Tomcat's the index pages for the Manager
and Host Manager applications. These applications included a valid
CSRF token when issuing a redirect as a result of an unauthenticated
request to the root of the web application. This token could then be
used by an attacker to perform a CSRF attack. (CVE-2015-5351)

* It was found that several Tomcat session persistence mechanisms
could allow a remote, authenticated user to bypass intended
SecurityManager restrictions and execute arbitrary code in a
privileged context via a web application that placed a crafted object
in a session. (CVE-2016-0714)

* A security manager bypass flaw was found in Tomcat that could allow
remote, authenticated users to access arbitrary application data,
potentially resulting in a denial of service. (CVE-2016-0763)

* A denial of service vulnerability was identified in Commons
FileUpload that occurred when the length of the multipart boundary was
just below the size of the buffer (4096 bytes) used to read the
uploaded file if the boundary was the typical tens of bytes long.
(CVE-2016-3092)

* A session fixation flaw was found in the way Tomcat recycled the
requestedSessionSSL field. If at least one web application was
configured to use the SSL session ID as the HTTP session ID, an
attacker could reuse a previously used session ID for further
requests. (CVE-2015-5346)

* It was found that Tomcat allowed the StatusManagerServlet to be
loaded by a web application when a security manager was configured.
This allowed a web application to list all deployed web applications
and expose sensitive information such as session IDs. (CVE-2016-0706)

See also :

https://www.redhat.com/security/data/cve/CVE-2015-5346.html
https://www.redhat.com/security/data/cve/CVE-2015-5351.html
https://www.redhat.com/security/data/cve/CVE-2016-0706.html
https://www.redhat.com/security/data/cve/CVE-2016-0714.html
https://www.redhat.com/security/data/cve/CVE-2016-0763.html
https://www.redhat.com/security/data/cve/CVE-2016-3092.html
http://rhn.redhat.com/errata/RHSA-2016-2807.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 95024 ()

Bugtraq ID:

CVE ID: CVE-2015-5346
CVE-2015-5351
CVE-2016-0706
CVE-2016-0714
CVE-2016-0763
CVE-2016-3092

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now