VDB
RHSA-2016%3A1635
RHSA-2016%3A1635
PUBLISHED
CVSS 5 MEDIUM
Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 Service Pack 1 security update
Risk Scores
CVSS 3.0
5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-lib | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | mod_ldap24 | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-servlet-3.1-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | httpd24 | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat7-servlet-3.0-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | mod_proxy24_html | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | httpd24-debuginfo | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat7-admin-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-docs-webapp | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat7-lib | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-jsp-2.3-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat7-javadoc | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | httpd24-devel | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-log4j | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat7-docs-webapp | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-javadoc | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-admin-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat7-jsp-2.2-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | httpd24-tools | 0, 0 |
| Red Hat:jboss_enterprise_web_server:3.0::el7 | tomcat8-el-2.2-api | 0, 0 |
…and 9 more
Timeline
- Jul 22, 2016 PoC Published
- Aug 18, 2016 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2016:1635 advisory
- https://access.redhat.com/security/updates/classification/#important article
- https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html article
- https://access.redhat.com/security/vulnerabilities/httpoxy article
- https://access.redhat.com/solutions/2435491 article
- https://bugzilla.redhat.com/show_bug.cgi?id=1353755 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1353809 report
- https://issues.redhat.com/browse/JWS-483 article
- https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1635.json advisory
- https://access.redhat.com/security/cve/CVE-2016-5387 report
- https://www.cve.org/CVERecord?id=CVE-2016-5387 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-5387 advisory
- https://httpoxy.org/ article
- https://www.apache.org/security/asf-httpoxy-response.txt article
- https://access.redhat.com/security/cve/CVE-2016-5388 report
- https://www.cve.org/CVERecord?id=CVE-2016-5388 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-5388 advisory