Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:2701 - Security Advisory
Issued:
2018-09-12
Updated:
2018-09-12

RHSA-2018:2701 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Red Hat JBoss Web Server 3.1.0 Service Pack 5 security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 3 for RHEL 7 x86_64
  • JBoss Enterprise Web Server 3 for RHEL 6 x86_64
  • JBoss Enterprise Web Server 3 for RHEL 6 i386

Fixes

  • BZ - 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS

CVEs

  • CVE-2018-1336

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html-single/red_hat_jboss_web_server_3.1_service_pack_5_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Web Server 3 for RHEL 7

SRPM
tomcat7-7.0.70-29.ep7.el7.src.rpm SHA-256: d24dd72a6f2f308b94f5ae3704883252821e3897f22bfe3b2880aa547cb29707
tomcat8-8.0.36-33.ep7.el7.src.rpm SHA-256: fa7a347754195c31549881232ebeba8526f3adcddb782c6b209dfa1dee1ff71c
x86_64
tomcat7-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 81d270d92799aa14688fbfa83ecfcdb311d4dd7a96f95982bb80fcfc781653b6
tomcat7-admin-webapps-7.0.70-29.ep7.el7.noarch.rpm SHA-256: b3e6fd0969882633640c473b9507c35a74cccca35dbb58d33a31ac4542541bda
tomcat7-docs-webapp-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 6657659cd948e326cd59bbe4aee05fd90f5bd9f595fcc088b3f4134b95c02a2a
tomcat7-el-2.2-api-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 627d11cd54c3d8baf7a2cfcbc0ba5c8245ee7ea593096ba6420adb5d26d17318
tomcat7-javadoc-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 2bca797206d52d7b7ed83f496d5b9bffd8b6498fde674335c0db77e3265b0cea
tomcat7-jsp-2.2-api-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 3540cd80dc935dfc980d574e0f1226587369334b5fc8bbf07a371f342f192ad4
tomcat7-jsvc-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 889bb0cf8001317afed86816dedc559188bd208b45a27075026df6a1b54e2713
tomcat7-lib-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 11cebf6f669ec04ea07547dfdd2bd70da6219fa28b3e926c3d453eebcf8f63b0
tomcat7-log4j-7.0.70-29.ep7.el7.noarch.rpm SHA-256: ef6c5f37f6973cee68df95365677491518ca0509c85ca17d0a4685f6df45f8e0
tomcat7-selinux-7.0.70-29.ep7.el7.noarch.rpm SHA-256: b1d7ce869abbae6bd03d3777d030f9182383670b1d73f850bc13d2620d253c4b
tomcat7-servlet-3.0-api-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 92f2062a92b51609081d3909efb16d54041f821999e352c2f2746ab9ab8ce195
tomcat7-webapps-7.0.70-29.ep7.el7.noarch.rpm SHA-256: 600267c028e593b484a9398b2276f3dbba20a86aaa75002534205938fdec7295
tomcat8-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 246b4c4fa60b4a74e2dadce84cfba7d96eaf81edc1ad731d4f4772f1175c1b2f
tomcat8-admin-webapps-8.0.36-33.ep7.el7.noarch.rpm SHA-256: f680ce0826cd632c78636639a94e13149ff8537bdc48b72f879f9c7dd55c9b28
tomcat8-docs-webapp-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 73d9d54d03737fd3114424ae8845b23709b0882da757b10f7459ab6da0ce774c
tomcat8-el-2.2-api-8.0.36-33.ep7.el7.noarch.rpm SHA-256: ac3bfcb8484d905d9302cdd6a06b2074c4b7fdcc61d1655d06fc517e6d527309
tomcat8-javadoc-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 6c08795adb7e0dceb72c5a987bf1b9771218d8873953c0773f41398869e8d153
tomcat8-jsp-2.3-api-8.0.36-33.ep7.el7.noarch.rpm SHA-256: b782a7356ea0c8ee18789ff48fccdadeb3c13483f4669d26981abac1ebdc2a5b
tomcat8-jsvc-8.0.36-33.ep7.el7.noarch.rpm SHA-256: b2110d11ca95e68f7e526ef0e23e1165fda2f488e126ff7c892fdc5593024973
tomcat8-lib-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 176b2f014a51b94bc5f08e3f74b95927a8330f0b1cd6f946d9c911e593d1d2a4
tomcat8-log4j-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 49047b7d0e5b22226e0d2323250ef67f67e26cbac43c2cdf8182c3cd36c630e1
tomcat8-selinux-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 2e92cc25d0758097391aadd021ebbec3a5e4d3573bde2daa06850911cb30a11c
tomcat8-servlet-3.1-api-8.0.36-33.ep7.el7.noarch.rpm SHA-256: 69e7f5a0959a3637f35f2ab2b28a7eff370828cede7f93cb307fbe4884e4a710
tomcat8-webapps-8.0.36-33.ep7.el7.noarch.rpm SHA-256: dae4549c005e6eb7ccb3b950ce759cc6663a8442e0e8a2e6e971d772556af670

JBoss Enterprise Web Server 3 for RHEL 6

SRPM
tomcat7-7.0.70-29.ep7.el6.src.rpm SHA-256: 95b10bf8f0e3e320198a2636fba8cc8ca7f35d0118b72ee1caa3cb9cfa0b9026
tomcat8-8.0.36-33.ep7.el6.src.rpm SHA-256: bfe002ee27dca1f55de0eedf4b13f9d4a25aaf541da9da45cb7687b804c963c4
x86_64
tomcat7-7.0.70-29.ep7.el6.noarch.rpm SHA-256: b5d7107954c8f7dba8e854b1f80f9d2d10058ba2e3b66916ba957e9d54989b8b
tomcat7-admin-webapps-7.0.70-29.ep7.el6.noarch.rpm SHA-256: a0794c021402bd4acccb7d5c28747e3b4a0632716ec32b550d6861e55ef3ee2a
tomcat7-docs-webapp-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 9f84b09f361a0605dbbb0997865332980d5f9476a811407f248d642b79037eaf
tomcat7-el-2.2-api-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 9caa5a05f4424441d6c53a4b8841058ec56ae4ba7b597af1a16f592be88ae0d5
tomcat7-javadoc-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 1354d9b831305378535a85dcd7fbfd04dc94bcc9421c935886cbc6d9ad46c121
tomcat7-jsp-2.2-api-7.0.70-29.ep7.el6.noarch.rpm SHA-256: d3b9491d69481b9a44a36e4bc662fc49a6d5ee4f13b37bc67e241c77b48811fd
tomcat7-jsvc-7.0.70-29.ep7.el6.noarch.rpm SHA-256: e6f9f115fdc0099bce4ee709d62f5f3ba452d2a68061675e2f95c3700019e6a6
tomcat7-lib-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 71c57138d6fd936dba014245f116658e288f4b19a18fd47ba8c32622f4d4ea47
tomcat7-log4j-7.0.70-29.ep7.el6.noarch.rpm SHA-256: fa2aa8de6ef0fc6b1938e19c883556729fd9720b97c116ee16b61dac0f221211
tomcat7-selinux-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 06231060bdb7090577b10a1a2b6981eca3e8c71b985eed55da123485d73453b3
tomcat7-servlet-3.0-api-7.0.70-29.ep7.el6.noarch.rpm SHA-256: ba91d4c08af8b230292f53c991424b00834c296148a3c405330e9ba4e439b004
tomcat7-webapps-7.0.70-29.ep7.el6.noarch.rpm SHA-256: c46015ecf2f2e271358679537406c8b3c25c1a46a9d98cefc9a3941d58aa7a3a
tomcat8-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 57d9006170d71cde93b5caeb93b4d30a2469a7072b2603b0793d659366f5b11c
tomcat8-admin-webapps-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 9d3a8afb012a95a85ed4431ccad1778ce9ebe3ba900fde38045320386593be9d
tomcat8-docs-webapp-8.0.36-33.ep7.el6.noarch.rpm SHA-256: bcf8b43368b670d6d949062eaae508184107826e15ae40eac4e0fd615315a707
tomcat8-el-2.2-api-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 6bb47bb112b1676ffbed7892439c4f57584d40537a5097ae2db78b5b2bb9e3da
tomcat8-javadoc-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 9cce3c88ea135c75bcc3db8666cd652e24c8ca2f73618980711dc253a6eea3b6
tomcat8-jsp-2.3-api-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 4526a41bb8f9b21001d997e0ba832559d856d9bb61db6a9996528b635b9b646b
tomcat8-jsvc-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 5145c54c977b5fb56c6971a2807098f73ac25c9623a8efefb02a7045eaae9d02
tomcat8-lib-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 8a6a5e9caaf9244595eb032d7f2223fac170d9352e7c4727bd0c6ecb56115704
tomcat8-log4j-8.0.36-33.ep7.el6.noarch.rpm SHA-256: b9eac59e2252ceb2f6fd06a4e5b5c259e4bcf8e3ac9706586c3f68fa16b20087
tomcat8-selinux-8.0.36-33.ep7.el6.noarch.rpm SHA-256: f9bbc779eeb5ae4b3ccd1779732900dfc281f1411705613d1e3cd877265aa9a6
tomcat8-servlet-3.1-api-8.0.36-33.ep7.el6.noarch.rpm SHA-256: c1cbc9400c1cb5953364661332b5ebe031e2ddd3e0619c98ad736eaffecaed4d
tomcat8-webapps-8.0.36-33.ep7.el6.noarch.rpm SHA-256: d35c258b88f473083d3973ab60d89bb4145eec593e397bacaecf2346f734c46b
i386
tomcat7-7.0.70-29.ep7.el6.noarch.rpm SHA-256: b5d7107954c8f7dba8e854b1f80f9d2d10058ba2e3b66916ba957e9d54989b8b
tomcat7-admin-webapps-7.0.70-29.ep7.el6.noarch.rpm SHA-256: a0794c021402bd4acccb7d5c28747e3b4a0632716ec32b550d6861e55ef3ee2a
tomcat7-docs-webapp-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 9f84b09f361a0605dbbb0997865332980d5f9476a811407f248d642b79037eaf
tomcat7-el-2.2-api-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 9caa5a05f4424441d6c53a4b8841058ec56ae4ba7b597af1a16f592be88ae0d5
tomcat7-javadoc-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 1354d9b831305378535a85dcd7fbfd04dc94bcc9421c935886cbc6d9ad46c121
tomcat7-jsp-2.2-api-7.0.70-29.ep7.el6.noarch.rpm SHA-256: d3b9491d69481b9a44a36e4bc662fc49a6d5ee4f13b37bc67e241c77b48811fd
tomcat7-jsvc-7.0.70-29.ep7.el6.noarch.rpm SHA-256: e6f9f115fdc0099bce4ee709d62f5f3ba452d2a68061675e2f95c3700019e6a6
tomcat7-lib-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 71c57138d6fd936dba014245f116658e288f4b19a18fd47ba8c32622f4d4ea47
tomcat7-log4j-7.0.70-29.ep7.el6.noarch.rpm SHA-256: fa2aa8de6ef0fc6b1938e19c883556729fd9720b97c116ee16b61dac0f221211
tomcat7-selinux-7.0.70-29.ep7.el6.noarch.rpm SHA-256: 06231060bdb7090577b10a1a2b6981eca3e8c71b985eed55da123485d73453b3
tomcat7-servlet-3.0-api-7.0.70-29.ep7.el6.noarch.rpm SHA-256: ba91d4c08af8b230292f53c991424b00834c296148a3c405330e9ba4e439b004
tomcat7-webapps-7.0.70-29.ep7.el6.noarch.rpm SHA-256: c46015ecf2f2e271358679537406c8b3c25c1a46a9d98cefc9a3941d58aa7a3a
tomcat8-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 57d9006170d71cde93b5caeb93b4d30a2469a7072b2603b0793d659366f5b11c
tomcat8-admin-webapps-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 9d3a8afb012a95a85ed4431ccad1778ce9ebe3ba900fde38045320386593be9d
tomcat8-docs-webapp-8.0.36-33.ep7.el6.noarch.rpm SHA-256: bcf8b43368b670d6d949062eaae508184107826e15ae40eac4e0fd615315a707
tomcat8-el-2.2-api-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 6bb47bb112b1676ffbed7892439c4f57584d40537a5097ae2db78b5b2bb9e3da
tomcat8-javadoc-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 9cce3c88ea135c75bcc3db8666cd652e24c8ca2f73618980711dc253a6eea3b6
tomcat8-jsp-2.3-api-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 4526a41bb8f9b21001d997e0ba832559d856d9bb61db6a9996528b635b9b646b
tomcat8-jsvc-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 5145c54c977b5fb56c6971a2807098f73ac25c9623a8efefb02a7045eaae9d02
tomcat8-lib-8.0.36-33.ep7.el6.noarch.rpm SHA-256: 8a6a5e9caaf9244595eb032d7f2223fac170d9352e7c4727bd0c6ecb56115704
tomcat8-log4j-8.0.36-33.ep7.el6.noarch.rpm SHA-256: b9eac59e2252ceb2f6fd06a4e5b5c259e4bcf8e3ac9706586c3f68fa16b20087
tomcat8-selinux-8.0.36-33.ep7.el6.noarch.rpm SHA-256: f9bbc779eeb5ae4b3ccd1779732900dfc281f1411705613d1e3cd877265aa9a6
tomcat8-servlet-3.1-api-8.0.36-33.ep7.el6.noarch.rpm SHA-256: c1cbc9400c1cb5953364661332b5ebe031e2ddd3e0619c98ad736eaffecaed4d
tomcat8-webapps-8.0.36-33.ep7.el6.noarch.rpm SHA-256: d35c258b88f473083d3973ab60d89bb4145eec593e397bacaecf2346f734c46b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter