RHSA-2016:2807
PUBLISHED
CVSS 8.8 HIGH
Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7
Risk Scores
CVSS 3.0
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-jsp-2.2-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7 | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-maven-devel | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-el-2.2-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-javadoc | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-docs-webapp | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-maven-devel | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-admin-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-log4j | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7 | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-admin-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-el-2.2-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-docs-webapp | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-lib | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-jsp-2.2-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-log4j | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-servlet-3.0-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el7 | tomcat7-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:2::el6 | tomcat7-javadoc | 0, 0 |
…and 2 more
Exploit Intelligence
- EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps (github-poc)
- EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps (github-poc-repo)
- cve_db.json (github-poc)
Timeline
- Nov 17, 2016 CVE Published
- Mar 4, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2016:2807 advisory
- https://access.redhat.com/security/updates/classification/#important article
- https://bugzilla.redhat.com/show_bug.cgi?id=1311076 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1311082 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1311085 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1311087 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1311093 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1349468 report
- https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2807.json advisory
- https://access.redhat.com/security/cve/CVE-2015-5346 report
- https://www.cve.org/CVERecord?id=CVE-2015-5346 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-5346 advisory
- http://seclists.org/bugtraq/2016/Feb/143 article
- https://access.redhat.com/security/cve/CVE-2015-5351 report
- https://www.cve.org/CVERecord?id=CVE-2015-5351 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-5351 advisory
- http://seclists.org/bugtraq/2016/Feb/148 article
- https://access.redhat.com/security/cve/CVE-2016-0706 report
- https://www.cve.org/CVERecord?id=CVE-2016-0706 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-0706 advisory
…and 14 more