Issued:: 2011-02-10
Updated:: 2011-02-10

RHSA-2011:0211 - Security Advisory

Overview
Updated Packages

Synopsis

Important: jbossweb security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated jbossweb packages that fix one security issue are now available for
JBoss Enterprise Web Platform 5 for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

JBoss Web Server is a web container based on Apache Tomcat. It provides a
single deployment platform for the JavaServer Pages (JSP) and Java Servlet
technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
JBoss Web Server to hang via a specially-crafted HTTP request.
(CVE-2010-4476)

Users of JBoss Web Server should upgrade to these updated packages, which
contain a backported patch to correct this issue. The JBoss server process
must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

JBoss Enterprise Web Platform 5 for RHEL 5 x86_64
JBoss Enterprise Web Platform 5 for RHEL 5 i386

Fixes

BZ - 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service

CVEs

CVE-2010-4476

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Web Platform 5 for RHEL 5

SRPM
jbossweb-2.1.10-5.patch01.1.1.ep5.el5.src.rpm	SHA-256: e6af838f047ff42e1128252a57997775a6128ca818ec24c70ca44df9a8a7425f
x86_64
jbossweb-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: 7715f92753540a01459173111902885a1fe3194d3fdad371b4c663a07f30fbef
jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: ecc555d4e611085f3b68698369fea32834de25fbb6189d04de9c42ac843a186c
jbossweb-lib-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: 29632562b0cbc583b19768994705187f7e8b0f8127bbed0afdd92dd8d6bfecd3
jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: cece99d3be3f376deca995acd82b923aa34859e16273477c76e945e7ea084538
i386
jbossweb-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: 7715f92753540a01459173111902885a1fe3194d3fdad371b4c663a07f30fbef
jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: ecc555d4e611085f3b68698369fea32834de25fbb6189d04de9c42ac843a186c
jbossweb-lib-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: 29632562b0cbc583b19768994705187f7e8b0f8127bbed0afdd92dd8d6bfecd3
jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm	SHA-256: cece99d3be3f376deca995acd82b923aa34859e16273477c76e945e7ea084538

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation