Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2016:0061 - Security Advisory
Issued:
2016-01-21
Updated:
2016-01-21

RHSA-2016:0061 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: httpd and httpd22 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated httpd and httpd22 packages that fix two security issues are now
available for Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux
5, 6, and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available from the CVE links in the
References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from an HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could use
Trailer headers to set additional HTTP headers after header processing was
performed by other modules. This could, for example, lead to a bypass of
header restrictions defined with mod_headers. (CVE-2013-5704)

Users of httpd or httpd22 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, the httpd or httpd22 service must be restarted
manually for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 2 for RHEL 7 x86_64
  • JBoss Enterprise Web Server 2 for RHEL 6 x86_64
  • JBoss Enterprise Web Server 2 for RHEL 6 i386
  • JBoss Enterprise Web Server 2 for RHEL 5 x86_64
  • JBoss Enterprise Web Server 2 for RHEL 5 i386

Fixes

  • BZ - 1082903 - CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
  • BZ - 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser

CVEs

  • CVE-2013-5704
  • CVE-2015-3183

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Web Server 2 for RHEL 7

SRPM
httpd22-2.2.26-42.ep6.el7.src.rpm SHA-256: b7302a7253c68ffb3a31d26bd6308263ca2d31b394149b8448f4c1c93bf2af6d
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el7.src.rpm SHA-256: 371d96c807818f3ada809256cc323243b3dd07f0b87e9e2bf6e3ccac0dc855d0
x86_64
httpd22-2.2.26-42.ep6.el7.x86_64.rpm SHA-256: adfbe99feb67b7bb7ffa16d689d6524d3548cb2a0aa61ed975942248571c3ecf
httpd22-debuginfo-2.2.26-42.ep6.el7.x86_64.rpm SHA-256: 888081f2face8ade8bb2b4927db524d3ec825cbe9dce686717bb23ef319579fb
httpd22-devel-2.2.26-42.ep6.el7.x86_64.rpm SHA-256: ba30509147d978da808fc6dfb9d7c4793692837c36a9d8fe92bd87a05fdad868
httpd22-manual-2.2.26-42.ep6.el7.x86_64.rpm SHA-256: b149f9abf5d409a042c3470154d441fc39b82e214a96814ae94d0ce15790badb
httpd22-tools-2.2.26-42.ep6.el7.x86_64.rpm SHA-256: ae7e36b79c20e37e1eedc0d1247a83303b97163df4731da2b571be933443683d
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el7.x86_64.rpm SHA-256: a1f0e448ab82416a0274865866e8a4e69290066a645f3f14d39e91058882c696
mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el7.x86_64.rpm SHA-256: f28756bf33fa0f9f0beb4723638862ea86563b76dfb1616caf9b19f2850c5e04
mod_ssl22-2.2.26-42.ep6.el7.x86_64.rpm SHA-256: fd341ff6400897ea5687d2e131cdb6ee43fdd20e801fdbd76e90e4cfc4631687

JBoss Enterprise Web Server 2 for RHEL 6

SRPM
httpd-2.2.26-41.ep6.el6.src.rpm SHA-256: 1db25d17c1c66ba43fa171797afdc6d28f9f130db00c521f767b67043da3da2d
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el6.src.rpm SHA-256: 7d27c87b8cf6df27bf9f20186038feb9d04be642b45131dc7edae27d23905be3
x86_64
httpd-2.2.26-41.ep6.el6.x86_64.rpm SHA-256: 425c0a8db0808ecf8fc1b8ffef665137e9add6a87f8cb9326b13137c18bda122
httpd-debuginfo-2.2.26-41.ep6.el6.x86_64.rpm SHA-256: c1e44052a3978e3fb9ba8eabbc08481e7cea4f9e4bbc249c30db023b6ca7e381
httpd-devel-2.2.26-41.ep6.el6.x86_64.rpm SHA-256: 1d59f42a694a87506111da706dc57ff749d016578ea3696065ac7468751114be
httpd-manual-2.2.26-41.ep6.el6.x86_64.rpm SHA-256: 642dea55128205a19d7ef42ec22d0b5ec56a6f71fa8753a78c951028ab4c8a84
httpd-tools-2.2.26-41.ep6.el6.x86_64.rpm SHA-256: e279a65c38387676c7ea9481c1a417b84625c7c23cc4203696ec81ecfdfbbea2
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el6.x86_64.rpm SHA-256: 1836f8426f64ca88114b95b463062a75e58652efea23148944340d2fd5419c05
mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el6.x86_64.rpm SHA-256: c96ef5ec74fa11d2a9ef5cd5108f1628f1834705ba2ecd8f6ba461c58eddcebf
mod_ssl-2.2.26-41.ep6.el6.x86_64.rpm SHA-256: 2965f0c5ab5c11c903d88fdb136ccce6d3d5632de80e5d8c70a533dc8b5063c3
i386
httpd-2.2.26-41.ep6.el6.i386.rpm SHA-256: c57e5dd009492acf8c4034078c9955c26095895a504a8378e22b426544ba3cb0
httpd-debuginfo-2.2.26-41.ep6.el6.i386.rpm SHA-256: ae4363032aefa2b7636babc55be114ce09b3822b5380c6bac04655a6ce000a86
httpd-devel-2.2.26-41.ep6.el6.i386.rpm SHA-256: 84005b3b0c644e656060dcac9a8aff12336cd674991edb905fcad829ddf0979e
httpd-manual-2.2.26-41.ep6.el6.i386.rpm SHA-256: 43371f2c6ad3cf3f33a8694c7e02eca86c693094c44d1178f328ad65621ec770
httpd-tools-2.2.26-41.ep6.el6.i386.rpm SHA-256: b2eacba685d14871b8e04fc9ea5adca8d4f1c24693cddc57582bfa6254d17132
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el6.i386.rpm SHA-256: 1ebf3e6e7742cfd5cc9915e3ff751358e85056a5ef691cbbdaa875f615954028
mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el6.i386.rpm SHA-256: 1ea3cb93afef9ad6afaf4120ec5ecf5b34c8811c844edf26e19d6367e7c5ba9b
mod_ssl-2.2.26-41.ep6.el6.i386.rpm SHA-256: 43e0ab229cd39a3d490c2cf56dbf82b86d18afedeaefde7ea39793bcc295cf36

JBoss Enterprise Web Server 2 for RHEL 5

SRPM
httpd-2.2.26-41.ep6.el5.src.rpm SHA-256: 4d9a1bf47bd7830ceb4a53832b1b16d6b988c5e709b0af5820ae0e22476fa34b
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el5.src.rpm SHA-256: 4e2c220ab3a0968f05c5a20b765596b3a3d96488cb50d4bbe1281b83b78e83a6
x86_64
httpd-2.2.26-41.ep6.el5.x86_64.rpm SHA-256: 1457f7d785ab13b35438aba35a416763726c4c8c5c67b46d7ae6762d91a42383
httpd-devel-2.2.26-41.ep6.el5.x86_64.rpm SHA-256: b2a1d02b5793c76f1f70507d500641a914eb66bbf2cc3b53998002f3615e386b
httpd-manual-2.2.26-41.ep6.el5.x86_64.rpm SHA-256: 2595c0d52fe20a1099bec064ac732f151b111c4018588c370b39e4c1b8336ef4
httpd-tools-2.2.26-41.ep6.el5.x86_64.rpm SHA-256: 0ae677d7245c5a16701ecee9ffa9a9923586a0f535bfa409f0957e2c9ce5ff16
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el5.x86_64.rpm SHA-256: 2839375539918d327f42c4eb34e957d22bf2652fc76501ddd2e97f46e7171b72
mod_ssl-2.2.26-41.ep6.el5.x86_64.rpm SHA-256: 50fe3cd121fa40d12bfddf3dc625e763386c5af2c710822e3ef7ad266a89d9f5
i386
httpd-2.2.26-41.ep6.el5.i386.rpm SHA-256: 6f28ba9de89e8ed93b23372a3aa10ddb8317b772dedb64e226353647eed3b395
httpd-devel-2.2.26-41.ep6.el5.i386.rpm SHA-256: f49a3056fdf65c743a0faa1df69cc291bb5e066d22b4a2ce944c356fa4915f94
httpd-manual-2.2.26-41.ep6.el5.i386.rpm SHA-256: 3d8d2912851fb4f46eaba440036afd03e96d5fffd0d9dda1aa514990253fdc25
httpd-tools-2.2.26-41.ep6.el5.i386.rpm SHA-256: 5f249d7f01fe2f25475259fec9d98b07f5b7466475ec4a8b83af5eb96d1c07fe
mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el5.i386.rpm SHA-256: 6d0d2972aeec878bfe9b6ef949407aa27a93c1b50a2df97e68acb45bb11934c2
mod_ssl-2.2.26-41.ep6.el5.i386.rpm SHA-256: 60690c4a1e8d4826ca7fd8ca877def6958e6cdc4117fdb404b1e319f7592a8e8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility