CVE-2014-8111
Find out more about CVE-2014-8111 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Application Platform 4 and 5, and Red Hat JBoss Web Server 1. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/.
This issue did not affect Red Hat JBoss Web Server 3.x. This issue does affect Red Hat JBoss Web Server 2.x; a future update may address this issue.
CVSS v2 metrics
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (mod_jk) | RHSA-2015:0847 | 2015-04-16 |
| Red Hat JBoss Web Server 2.1 | RHSA-2015:1641 | 2015-08-18 |
| Red Hat JBoss Enterprise Application Platform 6.4 | RHSA-2015:0849 | 2015-04-16 |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server (mod_jk) | RHSA-2015:0848 | 2015-04-16 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server (mod_jk) | RHSA-2015:1642 | 2015-08-18 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server (mod_jk) | RHSA-2015:1642 | 2015-08-18 |
| Red Hat JBoss Web Server 3.0 for RHEL 6 (mod_jk) | RHEA-2015:1771 | 2015-09-10 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server (mod_jk) | RHSA-2015:1642 | 2015-08-18 |
| Red Hat JBoss Web Server 3.0 for RHEL 7 (mod_jk) | RHEA-2015:1770 | 2015-09-10 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (mod_jk) | RHSA-2015:0846 | 2015-04-16 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss EWS 1 | mod_jk | Will not fix |
| Red Hat JBoss EAP 5 | mod_jk | Will not fix |
| Red Hat JBoss EAP 4 | mod_jk | Will not fix |
