RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 5 (RHSA-2018:2701)
Medium Nessus Plugin ID 117471
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6
and Red Hat JBoss Web Server 3.1 for RHEL 7.
Red Hat Product Security has rated this release as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as
a replacement for Red Hat JBoss Web Server 3.1, and includes bug
fixes, which are documented in the Release Notes document linked to in
Security Fix(es) :
* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.
SolutionUpdate the affected packages.