exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2017-0456-01

Red Hat Security Advisory 2017-0456-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0456-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
SHA-256 | 439006faa54fcb1a99274f4917c65ee29688301c270ba766630fe134a170fcff

Red Hat Security Advisory 2017-0456-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update
Advisory ID: RHSA-2017:0456-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2017:0456
Issue date: 2015-11-12
Updated on: 2017-03-07
CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092
CVE-2016-5018 CVE-2016-6325 CVE-2016-6794
CVE-2016-6796 CVE-2016-6797 CVE-2016-6816
CVE-2016-8735 CVE-2016-8745
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 3.1 for RHEL 7 - noarch, ppc64, x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for
Red Hat JBoss Web Server 3.0.3, and includes enhancements.

Security Fix(es):

* It was reported that the Tomcat init script performed unsafe file
handling, which could result in local privilege escalation. (CVE-2016-1240)

* It was discovered that the Tomcat packages installed certain
configuration files read by the Tomcat initialization script as writeable
to the tomcat group. A member of the group or a malicious web application
deployed on Tomcat could use this flaw to escalate their privileges.
(CVE-2016-6325)

* The JmxRemoteLifecycleListener was not updated to take account of
Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included
in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat
instance built from source, using the EWS 2.x, or JWS 3.x distributions, an
attacker could use this flaw to launch a remote code execution attack on
your deployed instance. (CVE-2016-8735)

* A denial of service vulnerability was identified in Commons FileUpload
that occurred when the length of the multipart boundary was just below the
size of the buffer (4096 bytes) used to read the uploaded file if the
boundary was the typical tens of bytes long. (CVE-2016-3092)

* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction with
a proxy that also permitted the invalid characters but with a different
interpretation, to inject data into the HTTP response. By manipulating the
HTTP response the attacker could poison a web-cache, perform an XSS attack,
or obtain sensitive information from requests other then their own.
(CVE-2016-6816)

* A bug was discovered in the error handling of the send file code for the
NIO HTTP connector. This led to the current Processor object being added to
the Processor cache multiple times allowing information leakage between
requests including, and not limited to, session ID and the response body.
(CVE-2016-8745)

* The Realm implementations did not process the supplied password if the
supplied user name did not exist. This made a timing attack possible to
determine valid user names. Note that the default configuration includes
the LockOutRealm which makes exploitation of this vulnerability harder.
(CVE-2016-0762)

* It was discovered that a malicious web application could bypass a
configured SecurityManager via a Tomcat utility method that was accessible
to web applications. (CVE-2016-5018)

* It was discovered that when a SecurityManager is configured Tomcat's
system property replacement feature for configuration files could be used
by a malicious web application to bypass the SecurityManager and read
system properties that should not be visible. (CVE-2016-6794)

* It was discovered that a malicious web application could bypass a
configured SecurityManager via manipulation of the configuration parameters
for the JSP Servlet. (CVE-2016-6796)

* It was discovered that it was possible for a web application to access
any global JNDI resource whether an explicit ResourceLink had been
configured or not. (CVE-2016-6797)

The CVE-2016-6325 issue was discovered by Red Hat Product Security.

Enhancement(s):

* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages
to Red Hat Enterprise Linux 7. These packages provide a number of
enhancements over the previous version of Red Hat JBoss Web Server.
(JIRA#JWS-268)

4. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server
installation (including all applications and configuration files).

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation
1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources
1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters
1390520 - CVE-2016-6794 tomcat: system property disclosure
1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function
1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation
1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener
1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing

6. JIRA issues fixed (https://issues.jboss.org/):

JWS-268 - RHEL 7 Errata JIRA

7. Package List:

Red Hat JBoss Web Server 3.1 for RHEL 7:

Source:
hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.src.rpm
jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7.src.rpm
jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.src.rpm
mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7.src.rpm
tomcat-native-1.2.8-9.redhat_9.ep7.el7.src.rpm
tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7.src.rpm
tomcat7-7.0.70-16.ep7.el7.src.rpm
tomcat8-8.0.36-17.ep7.el7.src.rpm

noarch:
hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm
hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm
hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm
hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm
hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7.noarch.rpm
jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm
mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm
mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm
mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm
tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7.noarch.rpm
tomcat7-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-admin-webapps-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-docs-webapp-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-el-2.2-api-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-javadoc-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-jsp-2.2-api-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-jsvc-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-lib-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-log4j-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-selinux-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-servlet-3.0-api-7.0.70-16.ep7.el7.noarch.rpm
tomcat7-webapps-7.0.70-16.ep7.el7.noarch.rpm
tomcat8-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-admin-webapps-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-docs-webapp-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-el-2.2-api-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-javadoc-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-jsp-2.3-api-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-jsvc-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-lib-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-log4j-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-selinux-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-servlet-3.1-api-8.0.36-17.ep7.el7.noarch.rpm
tomcat8-webapps-8.0.36-17.ep7.el7.noarch.rpm

ppc64:
jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.ppc64.rpm
jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7.ppc64.rpm

x86_64:
jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7.x86_64.rpm
tomcat-native-1.2.8-9.redhat_9.ep7.el7.x86_64.rpm
tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2016-0762
https://access.redhat.com/security/cve/CVE-2016-1240
https://access.redhat.com/security/cve/CVE-2016-3092
https://access.redhat.com/security/cve/CVE-2016-5018
https://access.redhat.com/security/cve/CVE-2016-6325
https://access.redhat.com/security/cve/CVE-2016-6794
https://access.redhat.com/security/cve/CVE-2016-6796
https://access.redhat.com/security/cve/CVE-2016-6797
https://access.redhat.com/security/cve/CVE-2016-6816
https://access.redhat.com/security/cve/CVE-2016-8735
https://access.redhat.com/security/cve/CVE-2016-8745
https://access.redhat.com/security/updates/classification/#important

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYvwx1XlSAg2UNWIIRAlcaAJ9BAGykX/bGrxjm/OJ4KkTD2Jol4QCfaFhA
I1dYmPbbHiEL1qBik1MSZME=
=IQj5
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close