exploit the possibilities

Red Hat Security Advisory 2019-1712-01

Red Hat Security Advisory 2019-1712-01
Posted Jul 9, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1712-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-0739, CVE-2019-0232
MD5 | b873acd280d331eebb5b9a89a00a2f19

Red Hat Security Advisory 2019-1712-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 7 security and bug fix update
Advisory ID: RHSA-2019:1712-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1712
Issue date: 2019-07-09
CVE Names: CVE-2018-0739 CVE-2019-0232
====================================================================
1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1.

Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a
replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which
are documented in the Release Notes document linked to in the References.

Security Fix(es):

* tomcat: Remote Code Execution on Windows (CVE-2019-0232)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack
overflow and resulting denial of service (CVE-2018-0739)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server
installation (including all applications and configuration files).

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
1701056 - CVE-2019-0232 tomcat: Remote Code Execution on Windows

5. JIRA issues fixed (https://issues.jboss.org/):

JWS-1303 - Body text property replacement fails [jws3]
JWS-1414 - Tomcat frequently hangs at startup when Jolokia loads certificate [jws-3]

6. References:

https://access.redhat.com/security/cve/CVE-2018-0739
https://access.redhat.com/security/cve/CVE-2019-0232
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXSSdM9zjgjWX9erEAQjiyBAAm7poF66coR0wLnb9mmsmEl5gT8+oqM+Z
QByRSEmp+cOIzzmz2JA0oRAAiq6if7D8jbcnK0+bEO9upkje9EDT7Y0whjq4zui4
q938wRWMS4OoxGqWqYwPJZV9WVTbshHTaQ42dBPjDtE64P7o/ZJgbshO/znVDTFK
crIC4h5GLawcBsGCApcGkxlfJQG/VzhTdBQkrVJGM4ovZ7zgFASNkQdoHN4x9st3
NPZPDO3TbhKBougI9D8UcfqOLUvkGaMljYnqAsbheXb1T1E0gX3mNO/qfc7lVdKO
Yh2tNL+sfHAa6/EQ9bH7OKsdxhR4szeCV/os8i7NSJgN0QbwpOsAXTi4T80wphl2
krX3EPL3/Xsp9u+FMA2dkPXSUAJAEob++7p4r6tEEg4Q8q8wdx59Del4ERESos2W
TccjjszCnT+OVTdpLRkf7LIjS+bTUsnnICTdyXKWATIEeZOYah4AsNPEfFFAFs3G
Ln+kJ/tMkAEaR7J3uZqRIn0YtZVJhRoKQrB8iV49ItK2TIih+EvUCQhgu/MSFTUd
9dPZwkJDLOzJnHF6YIFZoo8wIwgiszMBgMJQRZisJsgysd6jtJUAE4ye/wL9TRkk
YPK4uuXnE486odfCu4gSeSrc2/Z+xIej6IwSaFcHbJR3u5rLKd1i/QzupciOFIJC
PR68zb1PfGo=WmTT
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    10 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close