exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2011-0896-01

Red Hat Security Advisory 2011-0896-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419
SHA-256 | afb754e948ecb997661a2640f0ff3042c01bce970a3e081cc14ecea1dd6901bc

Red Hat Security Advisory 2011-0896-01

Change Mirror Download
Hash: SHA1

Red Hat Security Advisory

Synopsis: Moderate: JBoss Enterprise Web Server 1.0.2 update
Advisory ID: RHSA-2011:0896-01
Product: JBoss Enterprise Web Server
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0896.html
Issue date: 2011-06-22
CVE Names: CVE-2008-7270 CVE-2009-3245 CVE-2009-3560
CVE-2009-3720 CVE-2009-3767 CVE-2010-1157
CVE-2010-1452 CVE-2010-1623 CVE-2010-2068
CVE-2010-3718 CVE-2010-4172 CVE-2010-4180
CVE-2011-0013 CVE-2011-0419

1. Summary:

JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat
Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and
Microsoft Windows.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Description:

JBoss Enterprise Web Server is a fully-integrated and certified set of
components for hosting Java web applications.

This is the first release of JBoss Enterprise Web Server for Red Hat
Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and
Microsoft Windows, this release serves as a replacement for JBoss
Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to
the Release Notes, linked in the References, for more information.

This update corrects security flaws in the following components:


A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. If a remote attacker
could trick a user who is logged into the Manager application into visiting
a specially-crafted URL, the attacker could perform Manager application
tasks with the privileges of the logged in user. (CVE-2010-4172)

tomcat5 and tomcat6:

It was found that web applications could modify the location of the Apache
Tomcat host's work directory. As web applications deployed on Tomcat have
read and write access to this directory, a malicious web application could
use this flaw to trick Tomcat into giving it read and write access to an
arbitrary directory on the file system. (CVE-2010-3718)

A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.

A possible minor information leak was found in the way Apache Tomcat
generated HTTP BASIC and DIGEST authentication requests. For configurations
where a realm name was not specified and Tomcat was accessed via a proxy,
the default generated realm contained the hostname and port used by the
proxy to send requests to the Tomcat server. (CVE-2010-1157)


A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)

A flaw was discovered in the way the mod_proxy_http module of the Apache
HTTP Server handled the timeouts of requests forwarded by a reverse proxy
to the back-end server. In some configurations, the proxy could return
a response intended for another user under certain timeout conditions,
possibly leading to information disclosure. Note: This issue only affected
httpd running on the Windows operating system. (CVE-2010-2068)


It was found that the apr_fnmatch() function used an unconstrained
recursion when processing patterns with the '*' wildcard. An attacker could
use this flaw to cause an application using this function, which also
accepted untrusted input as a pattern for matching (such as an httpd server
using the mod_autoindex module), to exhaust all stack memory or use an
excessive amount of CPU time when performing matching. (CVE-2011-0419)


It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly use
this flaw to trigger high memory consumption. (CVE-2010-1623)

The following flaws were corrected in the packages for Solaris and Windows.
Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat

Multiple flaws in OpenSSL, which could possibly cause a crash, code
execution, or a change of session parameters, have been corrected.
(CVE-2009-3245, CVE-2010-4180, CVE-2008-7270)

Two denial of service flaws were corrected in Expat. (CVE-2009-3560,

An X.509 certificate verification flaw was corrected in OpenLDAP.

More information about these flaws is available from the CVE links in the

3. Solution:

All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Enterprise Web Server
1.0.2, which corrects these issues.

The References section of this erratum contains a download link (you must
log in to download the update). Before installing the update, backup your
existing JBoss Enterprise Web Server installation (including all
applications and configuration files). Apache Tomcat and the Apache HTTP
Server must be restarted for the update to take effect.

4. Bugs fixed (http://bugzilla.redhat.com/):

530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name
531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers
618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts
640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line()
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch

5. References:


6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
Version: GnuPG v1.4.4 (GNU/Linux)


RHSA-announce mailing list
Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By