Red Hat Product Errata RHSA-2017:2710 - Security Advisory
Issued: 2017-09-13
Updated: 2017-09-13

Synopsis

Important: Red Hat JBoss Core Services security update

Type/Severity

Security Advisory: Important

Topic

An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
  • It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)
  • A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between a TLS/SSL server and client if the communication used a DES/3DES-based ciphersuite. (CVE-2016-2183)

Red Hat would like to thank OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
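
One way to find the services that still need the restart described above (an added example, not part of the advisory or Red Hat tooling). It assumes the package update unlinked the old library file, so Linux marks the still-loaded mapping as "(deleted)" in /proc/<pid>/maps; the function names and the sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: list processes that still map an OpenSSL library that was
# replaced on disk, i.e. processes still running the pre-update code.

# Reads /proc/<pid>/maps text on stdin and prints each distinct
# libssl/libcrypto path that the kernel marks "(deleted)".
stale_openssl_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so[^/]*$" {
             if (!seen[$(NF-1)]++) print $(NF-1)
         }'
}

# Constructed sample of a maps file (addresses, inodes and paths are made up).
sample_maps() {
    cat <<'EOF'
7f3a1c000000-7f3a1c05e000 r-xp 00000000 fd:00 131099 /usr/lib64/libssl.so.1.0.0 (deleted)
7f3a1c25e000-7f3a1c268000 rw-p 0005e000 fd:00 131099 /usr/lib64/libssl.so.1.0.0 (deleted)
7f3a1b800000-7f3a1ba1f000 r-xp 00000000 fd:00 131101 /usr/lib64/libcrypto.so.1.0.0 (deleted)
7f3a1b000000-7f3a1b18a000 r-xp 00000000 fd:00 131072 /lib64/libc-2.12.so
7f3a1a000000-7f3a1a001000 rw-s 00000000 fd:00 200001 /tmp/cache.db (deleted)
01f2c000-01f4d000 rw-p 00000000 00:00 0 [heap]
EOF
}

# Walk every process and print: PID <tab> command name <tab> stale libraries.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # skip processes we may not inspect
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(cat "$maps" 2>/dev/null | stale_openssl_libs)
        [ -n "$libs" ] || continue
        printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" \
            "$(printf '%s' "$libs" | tr '\n' ',')"
    done
}

# Only scan the live system when asked to, e.g.:  sh check_stale_openssl.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_procs
fi
```

Run it as root with `--scan` after the update; any process it lists is still using the old OpenSSL code until it is restarted.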

Affected Products

  • Red Hat JBoss Core Services 1 for RHEL 6 x86_64
  • Red Hat JBoss Core Services 1 for RHEL 6 ppc64
  • Red Hat JBoss Core Services 1 for RHEL 6 i386

Fixes

  • BZ - 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
  • BZ - 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
  • BZ - 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest

CVEs

  • CVE-2015-3185
  • CVE-2016-2183
  • CVE-2017-9788

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

Note: More recent versions of these packages may be available.

Red Hat JBoss Core Services 1 for RHEL 6


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
