Issued: 2018-10-03
Updated: 2018-10-03

RHSA-2018:2868 - Security Advisory

Synopsis

Important: Red Hat JBoss Web Server 5.0 Service Pack 1 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7.

Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It comprises the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • tomcat: Information Disclosure (CVE-2018-8037)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 5 for RHEL 7 x86_64
  • JBoss Enterprise Web Server 5 for RHEL 6 x86_64
  • JBoss Enterprise Web Server 5 for RHEL 6 i386

Fixes

  • BZ - 1607582 - CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up

CVEs

  • CVE-2018-8037
  • CVE-2018-11784

References

  • https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

JBoss Enterprise Web Server 5 for RHEL 7

SRPM
jws5-tomcat-9.0.7-12.redhat_12.1.el7jws.src.rpm
x86_64
jws5-tomcat-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-javadoc-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-jsvc-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-lib-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-selinux-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.7-12.redhat_12.1.el7jws.noarch.rpm
jws5-tomcat-webapps-9.0.7-12.redhat_12.1.el7jws.noarch.rpm

JBoss Enterprise Web Server 5 for RHEL 6

SRPM
jws5-tomcat-9.0.7-12.redhat_12.1.el6jws.src.rpm
x86_64
jws5-tomcat-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-javadoc-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-jsvc-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-lib-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-selinux-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-webapps-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
i386
jws5-tomcat-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-javadoc-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-jsvc-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-lib-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-selinux-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.7-12.redhat_12.1.el6jws.noarch.rpm
jws5-tomcat-webapps-9.0.7-12.redhat_12.1.el6jws.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
