
Security Advisory Moderate: Red Hat JBoss Web Server 2.0.1 update

Advisory: RHSA-2013:1012-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-07-03
Last updated on: 2013-07-03
Affected Products: JBoss Enterprise Web Server v2 EL6
CVEs (cve.mitre.org): CVE-2012-3499
CVE-2012-3544
CVE-2012-4558
CVE-2013-2067
CVE-2013-2071

Details

Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and
several bugs, is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It comprises the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

This release serves as a replacement for Red Hat JBoss Web Server 2.0.0,
and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/site/documentation/

The following security issues are also fixed with this release:

Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_proxy_balancer module's manager web interface. If a remote attacker
could trick a user, who was logged into the manager web interface, into
visiting a specially-crafted URL, it would lead to arbitrary web script
execution in the context of the user's manager interface session.
(CVE-2012-4558)

Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they were
able to make the victim's browser generate an HTTP request with a
specially-crafted Host header. (CVE-2012-3499)

A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a
user was logging in, it could possibly result in the attacker's requests
being processed as if they were sent by the user. (CVE-2013-2067)

A denial of service flaw was found in the way the Tomcat chunked transfer
encoding input filter processed CRLF sequences. A remote attacker could
use this flaw to send an excessively long request, consuming network
bandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding
is enabled by default. (CVE-2012-3544)

A flaw was found in the way the Tomcat 7 asynchronous context
implementation performed request management in certain circumstances. If an
application used AsyncListeners and threw RuntimeExceptions, Tomcat could
send a reply that contains information from a different user's request,
possibly leading to the disclosure of sensitive information. This issue
only affected Tomcat 7. (CVE-2013-2071)

Note: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat
JBoss Web Server 1 installed.

Warning: Before applying the update, back up your existing Red Hat JBoss
Web Server installation (including all applications and configuration
files).

All users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 6
are advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server
process must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

JBoss Enterprise Web Server v2 EL6

SRPMS:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el6.src.rpm
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el6.src.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el6.src.rpm
dom4j-1.6.1-19.redhat_5.ep6.el6.src.rpm
ecj3-3.7.2-6.redhat_1.ep6.el6.src.rpm
httpd-2.2.22-23.ep6.el6.src.rpm (File outdated by: RHSA-2013:1133)
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el6.src.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6.src.rpm
mod_jk-1.2.37-2.redhat_1.ep6.el6.src.rpm
tomcat-native-1.1.27-4.redhat_1.ep6.el6.src.rpm
tomcat6-6.0.37-10_patch_01.ep6.el6.src.rpm
tomcat7-7.0.40-5_patch_01.ep6.el6.src.rpm
 
IA-32:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el6.noarch.rpm
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el6.i386.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el6.noarch.rpm
apache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el6.noarch.rpm
dom4j-1.6.1-19.redhat_5.ep6.el6.noarch.rpm
ecj3-3.7.2-6.redhat_1.ep6.el6.noarch.rpm
httpd-2.2.22-23.ep6.el6.i386.rpm (File outdated by: RHSA-2013:1133)
httpd-devel-2.2.22-23.ep6.el6.i386.rpm (File outdated by: RHSA-2013:1133)
httpd-manual-2.2.22-23.ep6.el6.i386.rpm (File outdated by: RHSA-2013:1133)
httpd-tools-2.2.22-23.ep6.el6.i386.rpm (File outdated by: RHSA-2013:1133)
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6.i386.rpm
mod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_jk-ap22-1.2.37-2.redhat_1.ep6.el6.i386.rpm
mod_jk-manual-1.2.37-2.redhat_1.ep6.el6.i386.rpm
mod_ssl-2.2.22-23.ep6.el6.i386.rpm (File outdated by: RHSA-2013:1133)
tomcat-native-1.1.27-4.redhat_1.ep6.el6.i386.rpm
tomcat6-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-admin-webapps-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-docs-webapp-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-el-1.0-api-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-javadoc-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-lib-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-log4j-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-webapps-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat7-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-admin-webapps-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-docs-webapp-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-el-1.0-api-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-javadoc-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-jsp-2.2-api-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-lib-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-log4j-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-servlet-3.0-api-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-webapps-7.0.40-5_patch_01.ep6.el6.noarch.rpm
 
x86_64:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el6.noarch.rpm
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el6.x86_64.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el6.noarch.rpm
apache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el6.noarch.rpm
dom4j-1.6.1-19.redhat_5.ep6.el6.noarch.rpm
ecj3-3.7.2-6.redhat_1.ep6.el6.noarch.rpm
httpd-2.2.22-23.ep6.el6.x86_64.rpm (File outdated by: RHSA-2013:1133)
httpd-devel-2.2.22-23.ep6.el6.x86_64.rpm (File outdated by: RHSA-2013:1133)
httpd-manual-2.2.22-23.ep6.el6.x86_64.rpm (File outdated by: RHSA-2013:1133)
httpd-tools-2.2.22-23.ep6.el6.x86_64.rpm (File outdated by: RHSA-2013:1133)
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6.x86_64.rpm
mod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm
mod_jk-ap22-1.2.37-2.redhat_1.ep6.el6.x86_64.rpm
mod_jk-manual-1.2.37-2.redhat_1.ep6.el6.x86_64.rpm
mod_ssl-2.2.22-23.ep6.el6.x86_64.rpm (File outdated by: RHSA-2013:1133)
tomcat-native-1.1.27-4.redhat_1.ep6.el6.x86_64.rpm
tomcat6-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-admin-webapps-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-docs-webapp-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-el-1.0-api-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-javadoc-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-lib-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-log4j-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat6-webapps-6.0.37-10_patch_01.ep6.el6.noarch.rpm
tomcat7-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-admin-webapps-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-docs-webapp-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-el-1.0-api-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-javadoc-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-jsp-2.2-api-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-lib-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-log4j-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-servlet-3.0-api-7.0.40-5_patch_01.ep6.el6.noarch.rpm
tomcat7-webapps-7.0.40-5_patch_01.ep6.el6.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
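
One way to check a host's package inventory against the fixed builds listed in this advisory, as an added example that is not Red Hat tooling. It assumes input lines of the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` and equal epochs; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed builds copied from this advisory's package list: name -> (version, release)
FIXED = {
    "httpd": ("2.2.22", "23.ep6.el6"),
    "mod_ssl": ("2.2.22", "23.ep6.el6"),
    "mod_jk-ap22": ("1.2.37", "2.redhat_1.ep6.el6"),
    "tomcat-native": ("1.1.27", "4.redhat_1.ep6.el6"),
    "tomcat6": ("6.0.37", "10_patch_01.ep6.el6"),
    "tomcat7": ("7.0.40", "5_patch_01.ep6.el6"),
}

def _tokens(s):
    # rpm compares runs of digits and runs of letters; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does.
    Tilde and caret markers (not used by this advisory's builds) are not handled."""
    ta, tb = _tokens(a), _tokens(b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def below_fixed(inventory):
    """Return [(name, installed, fixed)] for packages older than the advisory's build."""
    findings = []
    for line in inventory.strip().splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue  # malformed line or package not covered by this advisory
        name, ver, rel = parts
        fver, frel = FIXED[name]
        # The version decides first; the release only breaks a tie
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            findings.append((name, f"{ver}-{rel}", f"{fver}-{frel}"))
    return findings

# Constructed sample inventory, not taken from a real host
SAMPLE = """
bash 4.1.2 15.el6
httpd 2.2.22 14.ep6.el6
mod_ssl 2.2.22 23.ep6.el6
tomcat6 6.0.35 29_patch_06.ep6.el6
tomcat7 7.0.40 5_patch_01.ep6.el6
tomcat-native 1.1.27 10.redhat_1.ep6.el6
"""

if __name__ == "__main__":
    for name, have, want in below_fixed(SAMPLE):
        print(f"{name}: installed {have} is older than fixed build {want}")
```

A package that passes this check is at or above the build shipped here; the httpd packages are marked above as outdated by RHSA-2013:1133, so passing does not mean the host is current.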

Bugs fixed (see bugzilla for more information)

915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames
915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface
961779 - CVE-2013-2067 tomcat: Session fixation in form authenticator
961783 - CVE-2012-3544 tomcat: Limited DoS in chunked transfer encoding input filter
961803 - CVE-2013-2071 tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/