Security Advisory Moderate: Red Hat JBoss Web Server 2.0.1 update

Advisory: RHSA-2013:1011-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-07-03
Last updated on: 2013-07-03
Affected Products: JBoss Enterprise Web Server v2 EL5
CVEs (cve.mitre.org): CVE-2012-3499
CVE-2012-3544
CVE-2012-4558
CVE-2013-2067
CVE-2013-2071

Details

Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and
several bugs, is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It comprises the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

This release serves as a replacement for Red Hat JBoss Web Server 2.0.0,
and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/site/documentation/

The following security issues are also fixed with this release:

Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_proxy_balancer module's manager web interface. If a remote attacker
could trick a user, who was logged into the manager web interface, into
visiting a specially-crafted URL, it would lead to arbitrary web script
execution in the context of the user's manager interface session.
(CVE-2012-4558)

Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they were
able to make the victim's browser generate an HTTP request with a
specially-crafted Host header. (CVE-2012-3499)

A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a
user was logging in, it could possibly result in the attacker's requests
being processed as if they were sent by the user. (CVE-2013-2067)

A denial of service flaw was found in the way the Tomcat chunked transfer
encoding input filter processed CRLF sequences. A remote attacker could
use this flaw to send an excessively long request, consuming network
bandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding
is enabled by default. (CVE-2012-3544)
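
The class of check that bounds this kind of input, as an added example that is not Tomcat's code or its fix: a chunked-body decoder that requires strict CRLF framing and caps the chunk-size line, the decoded body and the trailers. The limit values, function names and sample inputs are assumptions made for illustration.

```python
# Limits are assumed values for illustration, not Tomcat defaults.
MAX_CHUNK_LINE = 64     # bytes in a chunk-size line, extensions included
MAX_BODY = 1 << 20      # total decoded body bytes
MAX_TRAILER = 1024      # total trailer bytes
HEX = b"0123456789abcdefABCDEF"


class ChunkedError(ValueError):
    """Body violates chunked framing or a configured limit."""


def _read_line(buf, pos, limit):
    """Return (line, next_pos) for a CRLF-terminated line of at most `limit` bytes."""
    end = buf.find(b"\r\n", pos, pos + limit + 2)
    if end == -1:
        raise ChunkedError("line too long or not CRLF-terminated")
    line = buf[pos:end]
    if b"\r" in line or b"\n" in line:
        raise ChunkedError("bare CR or LF inside line")
    return line, end + 2


def decode_chunked(buf):
    """Decode one complete chunked body; return (body, trailer_lines)."""
    pos, body = 0, bytearray()
    while True:
        line, pos = _read_line(buf, pos, MAX_CHUNK_LINE)
        size_field = line.split(b";", 1)[0]      # drop any chunk extension
        if not size_field or any(c not in HEX for c in size_field):
            raise ChunkedError("invalid chunk size")
        size = int(size_field, 16)
        if size == 0:                            # last-chunk marker
            break
        if len(body) + size > MAX_BODY:
            raise ChunkedError("body exceeds limit")
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    trailers, used = [], 0
    while True:
        line, pos = _read_line(buf, pos, max(0, MAX_TRAILER - used))
        if not line:                             # empty line ends the trailers
            return bytes(body), trailers
        used += len(line) + 2
        trailers.append(line)


def accepts(buf):
    try:
        decode_chunked(buf)
        return True
    except ChunkedError:
        return False

# Constructed inputs: a well-formed body, an oversized chunk extension, a bare LF.
GOOD = b"4\r\nWiki\r\n5;ext=1\r\npedia\r\n0\r\nX-T: v\r\n\r\n"
LONG_EXT = b"1;" + b"a" * 1000 + b"\r\nx\r\n0\r\n\r\n"
BARE_LF = b"4\nWiki\r\n0\r\n\r\n"
```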

A flaw was found in the way the Tomcat 7 asynchronous context
implementation performed request management in certain circumstances. If an
application used AsyncListeners and threw RuntimeExceptions, Tomcat could
send a reply that contains information from a different user's request,
possibly leading to the disclosure of sensitive information. This issue
only affected Tomcat 7. (CVE-2013-2071)

Note: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat
JBoss Web Server 1 installed.

Warning: Before applying the update, back up your existing Red Hat JBoss
Web Server installation (including all applications and configuration
files).

All users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5
are advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server
process must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
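
One way to confirm that a host carries at least the builds listed under "Updated packages", as an added example that is not part of the advisory or a Red Hat tool: it compares `rpm` query output against the httpd, mod_jk and Tomcat builds named on this page. The version comparison follows rpm's segment rules for strings without `~` or `^` and ignores epochs; the function names and the sample query output are assumptions.

```python
import re

# Fixed builds taken from this advisory's "Updated packages" list.
FIXED = {
    "httpd": "2.2.22-23.ep6.el5",
    "mod_jk-ap22": "1.2.37-2.redhat_1.ep6.el5",
    "tomcat6": "6.0.37-8_patch_01.ep6.el5",
    "tomcat7": "7.0.40-9_patch_01.ep6.el5",
}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.

    Returns -1, 0 or 1. Separators only delimit segments."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric beats alphabetic
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):                 # longer number is larger
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare 'version-release' strings (epoch ignored, an assumption here)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def audit(rpm_query_output):
    """Return {package: status} for advisory packages found in the query output."""
    report = {}
    for line in rpm_query_output.splitlines():
        name, _, evr = line.strip().partition(" ")
        if name in FIXED:
            older = evr_cmp(evr, FIXED[name]) < 0
            report[name] = "needs update" if older else "ok"
    return report


# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
httpd 2.2.22-14.ep6.el5
tomcat6 6.0.37-8_patch_01.ep6.el5
tomcat7 7.0.40-10_patch_02.ep6.el5
bash 3.2-32.el5
"""
```

A status of "ok" means the installed build is at or above the one in this advisory; it does not account for later errata such as the RHSA-2013:1133 update that the package list notes for httpd.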

Updated packages

JBoss Enterprise Web Server v2 EL5

SRPMS:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.src.rpm
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.src.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.src.rpm
dom4j-1.6.1-19.redhat_5.ep6.el5.src.rpm
ecj3-3.7.2-6.redhat_1.ep6.el5.src.rpm
httpd-2.2.22-23.ep6.el5.src.rpm (File outdated by: RHSA-2013:1133)
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.src.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.src.rpm
mod_jk-1.2.37-2.redhat_1.ep6.el5.src.rpm
tomcat-native-1.1.27-4.redhat_1.ep6.el5.src.rpm
tomcat6-6.0.37-8_patch_01.ep6.el5.src.rpm
tomcat7-7.0.40-9_patch_01.ep6.el5.src.rpm
 
IA-32:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.noarch.rpm
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.i386.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm
apache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm
dom4j-1.6.1-19.redhat_5.ep6.el5.noarch.rpm
ecj3-3.7.2-6.redhat_1.ep6.el5.noarch.rpm
httpd-2.2.22-23.ep6.el5.i386.rpm (File outdated by: RHSA-2013:1133)
httpd-devel-2.2.22-23.ep6.el5.i386.rpm (File outdated by: RHSA-2013:1133)
httpd-manual-2.2.22-23.ep6.el5.i386.rpm (File outdated by: RHSA-2013:1133)
httpd-tools-2.2.22-23.ep6.el5.i386.rpm (File outdated by: RHSA-2013:1133)
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm
mod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.i386.rpm
mod_jk-manual-1.2.37-2.redhat_1.ep6.el5.i386.rpm
mod_ssl-2.2.22-23.ep6.el5.i386.rpm (File outdated by: RHSA-2013:1133)
tomcat-native-1.1.27-4.redhat_1.ep6.el5.i386.rpm
tomcat6-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-admin-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-docs-webapp-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-el-1.0-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-javadoc-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-lib-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-log4j-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat7-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-admin-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-docs-webapp-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-el-1.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-javadoc-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-jsp-2.2-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-lib-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-log4j-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-servlet-3.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm
 
x86_64:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.noarch.rpm
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm
apache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm
dom4j-1.6.1-19.redhat_5.ep6.el5.noarch.rpm
ecj3-3.7.2-6.redhat_1.ep6.el5.noarch.rpm
httpd-2.2.22-23.ep6.el5.x86_64.rpm (File outdated by: RHSA-2013:1133)
httpd-devel-2.2.22-23.ep6.el5.x86_64.rpm (File outdated by: RHSA-2013:1133)
httpd-manual-2.2.22-23.ep6.el5.x86_64.rpm (File outdated by: RHSA-2013:1133)
httpd-tools-2.2.22-23.ep6.el5.x86_64.rpm (File outdated by: RHSA-2013:1133)
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm
mod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm
mod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm
mod_jk-manual-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm
mod_ssl-2.2.22-23.ep6.el5.x86_64.rpm (File outdated by: RHSA-2013:1133)
tomcat-native-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm
tomcat6-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-admin-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-docs-webapp-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-el-1.0-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-javadoc-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-lib-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-log4j-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat6-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm
tomcat7-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-admin-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-docs-webapp-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-el-1.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-javadoc-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-jsp-2.2-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-lib-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-log4j-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-servlet-3.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm
tomcat7-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames
915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface
961779 - CVE-2013-2067 tomcat: Session fixation in form authenticator
961783 - CVE-2012-3544 tomcat: Limited DoS in chunked transfer encoding input filter
961803 - CVE-2013-2071 tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/