5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
67.3%
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
A flaw was found in the way the mod_cluster manager processed certain MCMP
messages. An attacker with access to the network from which MCMP messages
are allowed to be sent could use this flaw to execute arbitrary JavaScript
code in the mod_cluster manager web interface. (CVE-2015-0298)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them. (CVE-2014-8111)
All users of Red Hat JBoss Web Server 2.1.0 are advised to apply this
update. The Red Hat JBoss Web Server process must be restarted for the
update to take effect.