Security Advisory Low: JBoss Enterprise Web Server 1.0.1 update

Advisory: RHSA-2010:0119-1
Type: Security Advisory
Severity: Low
Issued on: 2010-02-23
Last updated on: 2010-02-23
Affected Products: JBoss Enterprise Web Server v1 EL4, JBoss Enterprise Web Server v1 EL5
CVEs (cve.mitre.org): CVE-2009-2693, CVE-2009-2902, CVE-2009-3555, CVE-2010-2086

Details

JBoss Enterprise Web Server 1.0.1 is now available for Red Hat Enterprise
Linux 4 and 5.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

JBoss Enterprise Web Server is a fully integrated and certified set
of components for hosting Java web applications. It comprises the
industry's leading web server (Apache HTTP Server), the popular Apache
Tomcat servlet container, as well as the mod_jk connector and the Tomcat
Native library.

This 1.0.1 release of JBoss Enterprise Web Server serves as a replacement
for JBoss Enterprise Web Server 1.0.0 GA. These updated packages include
a number of bug fixes. For detailed component, installation, and bug fix
information, refer to the JBoss Enterprise Web Server 1.0.1 Release Notes,
available shortly from the link in the References section of this erratum.

The following security issues are also fixed with this release:

A directory traversal flaw was found in the Tomcat deployment process. An
attacker could create a specially crafted WAR file, which, once deployed
by a local, unsuspecting user, would lead to attacker-controlled content
being deployed outside of the web root, into directories accessible to the
Tomcat process. (CVE-2009-2693)

A second directory traversal flaw was found in the Tomcat deployment
process. WAR file names were not sanitized, which could allow an attacker
to create a specially crafted WAR file that could delete files in the
Tomcat host's work directory. (CVE-2009-2902)
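
A pre-deployment check for the two WAR flaws described above, as an added
example (not code from Red Hat or Apache Tomcat): it rejects WAR file names
that are not plain names and lists archive entries that would resolve outside
the extraction root. The function names and the file-name policy are
assumptions; the sample archives are constructed in memory.

```python
import io
import posixpath
import re
import zipfile


def war_name_ok(war_name):
    """Illustrative policy (an assumption, not Tomcat's own rule):
    a WAR name must be a plain '<stem>.war' with no separators or '..'."""
    name = war_name.replace("\\", "/")
    if not name.lower().endswith(".war"):
        return False
    stem = name[:-4]
    if not stem or "/" in stem or ".." in name:
        return False
    # A stem made only of dots names no real context.
    return stem.strip(".") != ""


def escaping_entries(war_bytes):
    """Return entry names that would land outside the extraction root."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            name = entry.replace("\\", "/")
            # Absolute paths and drive letters ignore the root entirely.
            if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
                flagged.append(entry)
                continue
            # Collapse 'a/../b' first; only a leading '..' escapes the root.
            norm = posixpath.normpath(name)
            if norm == ".." or norm.startswith("../"):
                flagged.append(entry)
    return flagged


def audit_war(war_name, war_bytes):
    """Combine both checks into one verdict for a deployment gate."""
    return {"name_ok": war_name_ok(war_name),
            "escaping": escaping_entries(war_bytes)}


def build_sample_war(entry_names):
    """Build a constructed in-memory archive for exercising the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for entry in entry_names:
            war.writestr(entry, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_war(["index.jsp", "WEB-INF/web.xml"])
    suspect = build_sample_war(["index.jsp", "../../conf/constructed.txt"])
    print(audit_war("shop.war", clean))
    print(audit_war("shop.war", suspect))
```
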

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)

This update provides a mitigation for this flaw in the following
components:

tomcat5 and tomcat6: A new attribute, allowUnsafeLegacyRenegotiation, is
available for the blocking IO (BIO) connector using JSSE, to enable or
disable TLS session renegotiation. The default value is "false", meaning
session renegotiation, both client- and server-initiated, is disabled by
default.

tomcat-native: Client-initiated renegotiation is now rejected by the native
connector. Server-initiated renegotiation is still allowed.
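
An audit of the tomcat5/tomcat6 attribute described above, as an added example
(not code from Red Hat or Apache Tomcat): it parses a server.xml and reports,
for each TLS connector, whether allowUnsafeLegacyRenegotiation has been turned
on. The function names, the TLS-detection heuristic and the sample server.xml
are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml: one plain HTTP connector, two TLS connectors left
# at the patched default, one TLS connector that re-enables renegotiation.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS" />
    <Connector port="8444" scheme="https" secure="true" sslProtocol="TLS"
               allowUnsafeLegacyRenegotiation="false" />
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               allowUnsafeLegacyRenegotiation="true" />
    <Connector port="8009" protocol="AJP/1.3" />
  </Service>
</Server>"""


def _is_true(value):
    """Interpret an XML attribute value as a boolean flag."""
    return value is not None and value.strip().lower() == "true"


def audit_connectors(server_xml):
    """Return (port, renegotiation_enabled) for every TLS connector.

    Heuristic (assumption): a connector is treated as TLS when it sets
    SSLEnabled="true", or scheme="https" together with secure="true".
    A missing attribute counts as "false", the default the advisory states.
    """
    root = ET.fromstring(server_xml)
    results = []
    for conn in root.iter("Connector"):
        tls = _is_true(conn.get("SSLEnabled")) or (
            conn.get("scheme", "").lower() == "https"
            and _is_true(conn.get("secure"))
        )
        if not tls:
            continue
        enabled = _is_true(conn.get("allowUnsafeLegacyRenegotiation"))
        results.append((conn.get("port"), enabled))
    return results


def renegotiation_enabled_ports(server_xml):
    """Ports whose connector opts back in to TLS session renegotiation."""
    return [port for port, enabled in audit_connectors(server_xml) if enabled]


if __name__ == "__main__":
    for port, enabled in audit_connectors(SAMPLE_SERVER_XML):
        state = "ENABLED (review)" if enabled else "disabled"
        print(f"connector {port}: renegotiation {state}")
```
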

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

All users of JBoss Enterprise Web Server 1.0.0 on Red Hat Enterprise Linux
4 and 5 are advised to upgrade to these updated packages.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

JBoss Enterprise Web Server v1 EL4

SRPMS:
glassfish-jsf-1.2_13-2.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
httpd22-2.2.14-4.ep5.el4.src.rpm
File outdated by:  RHSA-2011:1329
jakarta-commons-chain-1.2-2.1.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-commons-digester-1.8.1-7.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-commons-io-1.4-1.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-commons-modeler-2.0-3.3.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-commons-validator-1.3.1-7.4.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-oro-2.0.8-3jpp.ep1.3.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
jboss-javaee-5.0.1-2.3.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
mod_jk-1.2.28-4.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
tomcat-native-1.1.19-2.0.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
tomcat5-5.5.28-7.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
tomcat6-6.0.24-2.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
xerces-j2-2.9.1-2.2_patch_01.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
xml-commons-resolver12-1.2-1.1.ep5.el4.src.rpm
File outdated by:  RHSA-2011:0897
 
 
JBoss Enterprise Web Server v1 EL5

SRPMS:
glassfish-jsf-1.2_13-3.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
httpd-2.2.14-1.2.1.ep5.el5.src.rpm
File outdated by:  RHSA-2012:0542
jakarta-commons-chain-1.2-2.1.1.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-commons-io-1.4-1.1.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
jakarta-oro-2.0.8-3.1.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
mod_jk-1.2.28-4.1.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
struts12-1.2.9-2.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
tomcat-native-1.1.19-2.0.1.ep5.el5.src.rpm
File outdated by:  RHSA-2011:0897
tomcat5-5.5.28-7.1.ep5.el5.src.rpm
File outdated by:  RHSA-2013:0872
tomcat6-6.0.24-2.1.ep5.el5.src.rpm
File outdated by:  RHSA-2013:0872
 
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
558872 - JBEWS 1.0.1 release tracker bug for RHEL 4
558873 - JBEWS 1.0.1 release tracker bug for RHEL-5
559738 - CVE-2009-2693 tomcat: unexpected file deletion and/or alteration
559761 - CVE-2009-2902 tomcat: unexpected file deletion in work directory


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/