Metric | CVSS3 |
---|---|
Base score | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

Metric | CVSS2 |
---|---|
Base score | 7.8 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |

Metric | EPSS |
---|---|
Score | 0.973 High |
Percentile | 99.8% |

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.

It was found that Tomcat would keep connections open after processing
requests with a large enough request body. A remote attacker could
potentially use this flaw to exhaust the pool of available connections
and prevent further, legitimate connections to the Tomcat server.
(CVE-2014-0230)

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could
use Trailer headers to set additional HTTP headers after header
processing was performed by other modules. This could, for example,
lead to a bypass of header restrictions defined with mod_headers.
(CVE-2013-5704)

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could
use these flaws to create a specially crafted request, which httpd
would decode differently from an HTTP proxy software in front of it,
possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

Users of Red Hat JBoss Web Server are advised to upgrade to these
updated packages, which add this enhancement.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | mod_bmx | < 0.9.5-7.GA.ep7.el6 | mod_bmx-0.9.5-7.GA.ep7.el6.i686.rpm |
RedHat | 6 | i686 | httpd24-debuginfo | < 2.4.6-59.ep7.el6 | httpd24-debuginfo-2.4.6-59.ep7.el6.i686.rpm |
RedHat | 6 | noarch | tomcat7 | < 7.0.59-42_patch_01.ep7.el6 | tomcat7-7.0.59-42_patch_01.ep7.el6.noarch.rpm |
RedHat | 6 | x86_64 | httpd24 | < 2.4.6-59.ep7.el6 | httpd24-2.4.6-59.ep7.el6.x86_64.rpm |
RedHat | 6 | noarch | tomcat7-servlet-3.0-api | < 7.0.59-42_patch_01.ep7.el6 | tomcat7-servlet-3.0-api-7.0.59-42_patch_01.ep7.el6.noarch.rpm |
RedHat | 6 | noarch | tomcat8-webapps | < 8.0.18-52_patch_01.ep7.el6 | tomcat8-webapps-8.0.18-52_patch_01.ep7.el6.noarch.rpm |
RedHat | 6 | i686 | httpd24-devel | < 2.4.6-59.ep7.el6 | httpd24-devel-2.4.6-59.ep7.el6.i686.rpm |
RedHat | 6 | src | httpd24 | < 2.4.6-59.ep7.el6 | httpd24-2.4.6-59.ep7.el6.src.rpm |
RedHat | 6 | i686 | mod_ldap24 | < 2.4.6-59.ep7.el6 | mod_ldap24-2.4.6-59.ep7.el6.i686.rpm |
RedHat | 6 | x86_64 | mod_bmx | < 0.9.5-7.GA.ep7.el6 | mod_bmx-0.9.5-7.GA.ep7.el6.x86_64.rpm |
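
To check a host inventory against the version bounds in the table above, the following added example (not part of the advisory or Red Hat tooling) compares installed `version-release` strings using rpm's segment-wise ordering. It assumes packages without an epoch and without `~` or `^` in the version; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed version-release per package, taken from the el6 rows of the advisory table.
HTTPD = "2.4.6-59.ep7.el6"
TC7, TC8 = "7.0.59-42_patch_01.ep7.el6", "8.0.18-52_patch_01.ep7.el6"
FIXED = {
    "mod_bmx": "0.9.5-7.GA.ep7.el6",
    "httpd24": HTTPD, "httpd24-devel": HTTPD,
    "httpd24-debuginfo": HTTPD, "mod_ldap24": HTTPD,
    "tomcat7": TC7, "tomcat7-servlet-3.0-api": TC7,
    "tomcat8-webapps": TC8,
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
httpd24 2.4.6-40.ep7.el6
tomcat7 7.0.59-42_patch_01.ep7.el6
tomcat8-webapps 8.0.18-10_patch_02.ep7.el6
mod_bmx 0.9.5-7.GA.ep7.el6
bash 4.1.2-33.el6
"""

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's ordering of digit and letter runs."""
    # Every character that is not an ASCII letter or digit is only a separator.
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run is newer than letters
        if x.isdigit():
            x, y = int(x), int(y)            # numeric, so 10 > 6 and 01 == 1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(inventory):
    """Return sorted names of listed packages still below the fixed build."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return sorted(n for n, vr in rows if n in FIXED and compare_vr(vr, FIXED[n]) < 0)

if __name__ == "__main__":
    print(vulnerable(SAMPLE))
```
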