{"id":"RHSA-2016:1648","summary":"Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.1 security update on RHEL 7","modified":"2026-03-18T11:30:09.583413Z","published":"2024-09-15T23:25:01Z","upstream":["CVE-2016-2105","CVE-2016-2106","CVE-2016-3110","CVE-2016-5387"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1648"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html"},{"type":"ARTICLE","url":"https://access.redhat.com/site/documentation/"},{"type":"ARTICLE","url":"https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"},{"type":"ARTICLE","url":"https://access.redhat.com/security/vulnerabilities/httpoxy"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326320"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331441"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331536"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337155"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337397"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338646"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353755"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358118"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1648.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-2105"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-2105"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2105"},{"type":"ARTICLE","url":"https://openssl.org/news/secadv/20160503.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-2106"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-2106"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2106"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-3110"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-3110"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3110"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-5387"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-5387"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5387"},{"type":"ARTICLE","url":"https://httpoxy.org/"},{"type":"ARTICLE","url":"https://www.apache.org/security/asf-httpoxy-response.txt"}],"affected":[{"package":{"name":"httpd22","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/httpd22"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.26-56.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"httpd22-debuginfo","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/httpd22-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.26-56.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"httpd22-devel","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/httpd22-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.26-56.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"httpd22-manual","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/httpd22-manual"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.26-56.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"httpd22-tools","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/httpd22-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.26-56.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1-3.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-openssl","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2h-4.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-openssl-debuginfo","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2h-4.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-openssl-devel","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2h-4.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-openssl-libs","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2h-4.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-openssl-perl","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-perl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2h-4.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-openssl-static","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-static"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2h-4.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"jbcs-httpd24-runtime","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1-3.jbcs.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_cluster","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_cluster"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-1.Final_redhat_1.1.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_cluster-native","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_cluster-native"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-3.Final_redhat_2.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_cluster-native-debuginfo","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_cluster-native-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-3.Final_redhat_2.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_cluster-tomcat6","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_cluster-tomcat6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-1.Final_redhat_1.1.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_cluster-tomcat7","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_cluster-tomcat7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-1.Final_redhat_1.1.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_jk","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_jk"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.41-2.redhat_3.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_jk-ap22","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_jk-ap22"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.41-2.redhat_3.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_jk-debuginfo","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_jk-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.41-2.redhat_3.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_jk-manual","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_jk-manual"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.41-2.redhat_3.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"mod_ssl22","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/mod_ssl22"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.2.26-56.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"tomcat-native","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/tomcat-native"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.34-5.redhat_1.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}},{"package":{"name":"tomcat-native-debuginfo","ecosystem":"Red Hat:jboss_enterprise_web_server:2::el7","purl":"pkg:rpm/redhat/tomcat-native-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.34-5.redhat_1.ep6.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2016:1648.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}