Lucene search

K
redhatRedHatRHSA-2011:0897
HistoryJun 22, 2011 - 12:00 a.m.

(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update

2011-06-2200:00:00
access.redhat.com
39

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.969 High

EPSS

Percentile

99.6%

JBoss Enterprise Web Server is a fully-integrated and certified set of
components for hosting Java web applications.

This is the first release of JBoss Enterprise Web Server for Red Hat
Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release
serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes
a number of bug fixes. Refer to the Release Notes, linked in the
References, for more information.

This update corrects security flaws in the following components:

tomcat6:

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. If a remote attacker
could trick a user who is logged into the Manager application into visiting
a specially-crafted URL, the attacker could perform Manager application
tasks with the privileges of the logged in user. (CVE-2010-4172)

tomcat5 and tomcat6:

It was found that web applications could modify the location of the Apache
Tomcat host’s work directory. As web applications deployed on Tomcat have
read and write access to this directory, a malicious web application could
use this flaw to trick Tomcat into giving it read and write access to an
arbitrary directory on the file system. (CVE-2010-3718)

A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.
(CVE-2011-0013)

A possible minor information leak was found in the way Apache Tomcat
generated HTTP BASIC and DIGEST authentication requests. For configurations
where a realm name was not specified and Tomcat was accessed via a proxy,
the default generated realm contained the hostname and port used by the
proxy to send requests to the Tomcat server. (CVE-2010-1157)

httpd:

A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)

apr:

It was found that the apr_fnmatch() function used an unconstrained
recursion when processing patterns with the ‘*’ wildcard. An attacker could
use this flaw to cause an application using this function, which also
accepted untrusted input as a pattern for matching (such as an httpd server
using the mod_autoindex module), to exhaust all stack memory or use an
excessive amount of CPU time when performing matching. (CVE-2011-0419)

apr-util:

It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly use
this flaw to trigger high memory consumption. Note: This issue only
affected the JBoss Enterprise Web Server packages on Red Hat Enterprise
Linux 4. (CVE-2010-1623)

All users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to
JBoss Enterprise Web Server 1.0.2, which corrects these issues. After
installing this update, the relevant Apache Tomcat service (“tomcat5” or
“tomcat6”) and the Apache HTTP Server (“httpd”) must be restarted for the
update to take effect.

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.969 High

EPSS

Percentile

99.6%