Vulnerability Database
Blog
FAQ
Docs
RHSA-2017:0456
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2017:0456
Import Source
https://security.access.redhat.com/data/osv/RHSA-2017:0456.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2017:0456
Related
CVE-2016-0762
CVE-2016-1240
CVE-2016-3092
CVE-2016-5018
CVE-2016-6325
CVE-2016-6794
CVE-2016-6796
CVE-2016-6797
CVE-2016-6816
CVE-2016-8735
CVE-2016-8745
Published
2024-09-29T17:09:27Z
Modified
2024-10-27T17:54:37Z
Severity
8.1 (High)
CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
Details
References
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
https://bugzilla.redhat.com/show_bug.cgi?id=1367447
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
https://bugzilla.redhat.com/show_bug.cgi?id=1390493
https://bugzilla.redhat.com/show_bug.cgi?id=1390515
https://bugzilla.redhat.com/show_bug.cgi?id=1390520
https://bugzilla.redhat.com/show_bug.cgi?id=1390525
https://bugzilla.redhat.com/show_bug.cgi?id=1390526
https://bugzilla.redhat.com/show_bug.cgi?id=1397484
https://bugzilla.redhat.com/show_bug.cgi?id=1397485
https://bugzilla.redhat.com/show_bug.cgi?id=1403824
https://issues.redhat.com/browse/JWS-268
https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0456.json
https://access.redhat.com/security/cve/CVE-2016-0762
https://www.cve.org/CVERecord?id=CVE-2016-0762
https://nvd.nist.gov/vuln/detail/CVE-2016-0762
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37
https://access.redhat.com/security/cve/CVE-2016-1240
https://www.cve.org/CVERecord?id=CVE-2016-1240
https://nvd.nist.gov/vuln/detail/CVE-2016-1240
http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt
https://access.redhat.com/security/cve/CVE-2016-3092
https://www.cve.org/CVERecord?id=CVE-2016-3092
https://nvd.nist.gov/vuln/detail/CVE-2016-3092
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
https://access.redhat.com/security/cve/CVE-2016-5018
https://www.cve.org/CVERecord?id=CVE-2016-5018
https://nvd.nist.gov/vuln/detail/CVE-2016-5018
https://access.redhat.com/security/cve/CVE-2016-6325
https://www.cve.org/CVERecord?id=CVE-2016-6325
https://nvd.nist.gov/vuln/detail/CVE-2016-6325
https://access.redhat.com/security/cve/CVE-2016-6794
https://www.cve.org/CVERecord?id=CVE-2016-6794
https://nvd.nist.gov/vuln/detail/CVE-2016-6794
https://access.redhat.com/security/cve/CVE-2016-6796
https://www.cve.org/CVERecord?id=CVE-2016-6796
https://nvd.nist.gov/vuln/detail/CVE-2016-6796
https://access.redhat.com/security/cve/CVE-2016-6797
https://www.cve.org/CVERecord?id=CVE-2016-6797
https://nvd.nist.gov/vuln/detail/CVE-2016-6797
https://access.redhat.com/security/cve/CVE-2016-6816
https://www.cve.org/CVERecord?id=CVE-2016-6816
https://nvd.nist.gov/vuln/detail/CVE-2016-6816
https://access.redhat.com/articles/2991951
https://access.redhat.com/solutions/2891171
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8
https://access.redhat.com/security/cve/CVE-2016-8735
https://www.cve.org/CVERecord?id=CVE-2016-8735
https://nvd.nist.gov/vuln/detail/CVE-2016-8735
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://access.redhat.com/security/cve/CVE-2016-8745
https://www.cve.org/CVERecord?id=CVE-2016-8745
https://nvd.nist.gov/vuln/detail/CVE-2016-8745
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9
Affected packages
Red Hat:jboss_enterprise_web_server:3.1::el7
/
hibernate4-c3p0-eap6
Package
Name
hibernate4-c3p0-eap6
Purl
pkg:rpm/redhat/hibernate4-c3p0-eap6
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.2.23-1.Final_redhat_1.1.ep6.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
hibernate4-core-eap6
Package
Name
hibernate4-core-eap6
Purl
pkg:rpm/redhat/hibernate4-core-eap6
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.2.23-1.Final_redhat_1.1.ep6.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
hibernate4-eap6
Package
Name
hibernate4-eap6
Purl
pkg:rpm/redhat/hibernate4-eap6
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.2.23-1.Final_redhat_1.1.ep6.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
hibernate4-entitymanager-eap6
Package
Name
hibernate4-entitymanager-eap6
Purl
pkg:rpm/redhat/hibernate4-entitymanager-eap6
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.2.23-1.Final_redhat_1.1.ep6.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
hibernate4-envers-eap6
Package
Name
hibernate4-envers-eap6
Purl
pkg:rpm/redhat/hibernate4-envers-eap6
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.2.23-1.Final_redhat_1.1.ep6.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
jbcs-httpd24-apache-commons-daemon
Package
Name
jbcs-httpd24-apache-commons-daemon
Purl
pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0.15-1.redhat_2.1.jbcs.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
jbcs-httpd24-apache-commons-daemon-jsvc
Package
Name
jbcs-httpd24-apache-commons-daemon-jsvc
Purl
pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.0.15-17.redhat_2.jbcs.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo
Package
Name
jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo
Purl
pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.0.15-17.redhat_2.jbcs.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
jbcs-httpd24-runtime
Package
Name
jbcs-httpd24-runtime
Purl
pkg:rpm/redhat/jbcs-httpd24-runtime
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1-3.jbcs.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
mod_cluster
Package
Name
mod_cluster
Purl
pkg:rpm/redhat/mod_cluster
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.3.5-2.Final_redhat_2.1.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
mod_cluster-tomcat7
Package
Name
mod_cluster-tomcat7
Purl
pkg:rpm/redhat/mod_cluster-tomcat7
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.3.5-2.Final_redhat_2.1.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
mod_cluster-tomcat8
Package
Name
mod_cluster-tomcat8
Purl
pkg:rpm/redhat/mod_cluster-tomcat8
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.3.5-2.Final_redhat_2.1.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat-native
Package
Name
tomcat-native
Purl
pkg:rpm/redhat/tomcat-native
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2.8-9.redhat_9.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat-native-debuginfo
Package
Name
tomcat-native-debuginfo
Purl
pkg:rpm/redhat/tomcat-native-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2.8-9.redhat_9.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat-vault
Package
Name
tomcat-vault
Purl
pkg:rpm/redhat/tomcat-vault
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0.8-9.Final_redhat_2.1.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7
Package
Name
tomcat7
Purl
pkg:rpm/redhat/tomcat7
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-admin-webapps
Package
Name
tomcat7-admin-webapps
Purl
pkg:rpm/redhat/tomcat7-admin-webapps
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-docs-webapp
Package
Name
tomcat7-docs-webapp
Purl
pkg:rpm/redhat/tomcat7-docs-webapp
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-el-2.2-api
Package
Name
tomcat7-el-2.2-api
Purl
pkg:rpm/redhat/tomcat7-el-2.2-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-javadoc
Package
Name
tomcat7-javadoc
Purl
pkg:rpm/redhat/tomcat7-javadoc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-jsp-2.2-api
Package
Name
tomcat7-jsp-2.2-api
Purl
pkg:rpm/redhat/tomcat7-jsp-2.2-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-jsvc
Package
Name
tomcat7-jsvc
Purl
pkg:rpm/redhat/tomcat7-jsvc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-lib
Package
Name
tomcat7-lib
Purl
pkg:rpm/redhat/tomcat7-lib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-log4j
Package
Name
tomcat7-log4j
Purl
pkg:rpm/redhat/tomcat7-log4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-selinux
Package
Name
tomcat7-selinux
Purl
pkg:rpm/redhat/tomcat7-selinux
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-servlet-3.0-api
Package
Name
tomcat7-servlet-3.0-api
Purl
pkg:rpm/redhat/tomcat7-servlet-3.0-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat7-webapps
Package
Name
tomcat7-webapps
Purl
pkg:rpm/redhat/tomcat7-webapps
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.0.70-16.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8
Package
Name
tomcat8
Purl
pkg:rpm/redhat/tomcat8
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-admin-webapps
Package
Name
tomcat8-admin-webapps
Purl
pkg:rpm/redhat/tomcat8-admin-webapps
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-docs-webapp
Package
Name
tomcat8-docs-webapp
Purl
pkg:rpm/redhat/tomcat8-docs-webapp
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-el-2.2-api
Package
Name
tomcat8-el-2.2-api
Purl
pkg:rpm/redhat/tomcat8-el-2.2-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-javadoc
Package
Name
tomcat8-javadoc
Purl
pkg:rpm/redhat/tomcat8-javadoc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-jsp-2.3-api
Package
Name
tomcat8-jsp-2.3-api
Purl
pkg:rpm/redhat/tomcat8-jsp-2.3-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-jsvc
Package
Name
tomcat8-jsvc
Purl
pkg:rpm/redhat/tomcat8-jsvc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-lib
Package
Name
tomcat8-lib
Purl
pkg:rpm/redhat/tomcat8-lib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-log4j
Package
Name
tomcat8-log4j
Purl
pkg:rpm/redhat/tomcat8-log4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-selinux
Package
Name
tomcat8-selinux
Purl
pkg:rpm/redhat/tomcat8-selinux
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-servlet-3.1-api
Package
Name
tomcat8-servlet-3.1-api
Purl
pkg:rpm/redhat/tomcat8-servlet-3.1-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
Red Hat:jboss_enterprise_web_server:3.1::el7
/
tomcat8-webapps
Package
Name
tomcat8-webapps
Purl
pkg:rpm/redhat/tomcat8-webapps
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.0.36-17.ep7.el7
RHSA-2017:0456 - OSV