Red Hat Product Errata RHSA-2019:0131 - Security Advisory
Issued: 2019-01-22
Updated: 2019-01-22


Synopsis

Moderate: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • tomcat: host name verification missing in WebSocket client (CVE-2018-8034)
  • tomcat: Open redirect in default servlet (CVE-2018-11784)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 3 for RHEL 7 x86_64
  • JBoss Enterprise Web Server 3 for RHEL 6 x86_64
  • JBoss Enterprise Web Server 3 for RHEL 6 i386

Fixes

  • BZ - 1607580 - CVE-2018-8034 tomcat: host name verification missing in WebSocket client
  • BZ - 1636512 - CVE-2018-11784 tomcat: Open redirect in default servlet

CVEs

  • CVE-2018-8034
  • CVE-2018-11784

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

JBoss Enterprise Web Server 3 for RHEL 7

SRPM
tomcat-native-1.2.17-18.redhat_18.ep7.el7.src.rpm SHA-256: 149c0f230603227b7716695fb7ffdaa14d8243adcccebfaee4027112374fef32
tomcat7-7.0.70-31.ep7.el7.src.rpm SHA-256: 0b0304195ad45d49f212c81c0eb5a91ecd9c9968c165934275e1327cc5e80a11
tomcat8-8.0.36-35.ep7.el7.src.rpm SHA-256: fa7b0d1ccc592a34f270dabc852a18b60a45dfd71dd1b2001d1b6c73c789eb59

JBoss Enterprise Web Server 3 for RHEL 6

SRPM
tomcat-native-1.2.17-18.redhat_18.ep7.el6.src.rpm SHA-256: 81c3ec6687aaa6cb1e695588b8652691506bbe67f2051fd8c6b484b1974a937c
tomcat7-7.0.70-31.ep7.el6.src.rpm SHA-256: ea9bb3f2cde0b8173e2acd9c1329f5532ba0963120b18d8f3606a0709128f4ed
tomcat8-8.0.36-35.ep7.el6.src.rpm SHA-256: 592f983010f8b201e44ee009d07019ef6ad94e713d94d69d0525ba97a27f24b7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
