-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Web Server 5.4 security release Advisory ID: RHSA-2020:5173-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2020:5173 Issue date: 2020-11-23 CVE Names: CVE-2020-11996 ==================================================================== 1. Summary: Red Hat JBoss Web Server 5.4.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 5. References: https://access.redhat.com/security/cve/CVE-2020-11996 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=5.4 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/5.4 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX7ul9dzjgjWX9erEAQgqxQ//SfGSZr9GwK+yquxYuoMPbAdrTcKNgL3X iPiuaM0fqhPxN5MB3C/E9IF2pEXs3ZyxdgCDk4oMkvbI8MiSxRIuDNw0ZSOx8zze ew3inZJSeQ7QcMQkiHUnWEsm4L61zp+ua1UFIEV9Ts/WfYJ45k0NCXtXFalJYN4Y +NYTrgKGYKMPemY9NO0/AaGRtVnL8ZVpAELPEHR9rqpzrclSLwx/de5G09foRu2L dDE74wMpEx2zwaBSIC2lYZaQkLCQFt4FEZ3EkVeKn5b1S33JOwo/u1VkeB4FvTKG FA3R9Ac0dukzfwF4Fce6j0JFy9lCmBWoeXUYK6jsF+ETadk3vhSgXBZhzXCVPWLS tnXYJZ/hQnun8KJUNO9bHxTb6nveoj8or+9uvlsUsd8Bc7izJvdJoWF9QT9uIBkm m0D+UJ3UUW2fvOwitFnocTF0i7Cl1qAOSorspfOMu5w7J50rPTLwlZWNTmbo6qEX wNv6qcgeVVwf7jYaRHXCh5dtTUxstt0v/j6LI+YuB5OxBr4ETdefcVnOf7eICtrW Zrg/8Q0ZW9SXgFcAFlTbQI0nb3CTpr3by6UCZmMgL4Xrxkn91THCxtId1JU77SBb Y0g+Q39pyasF7VCOLTmkJJGVSescbpoNCXQDoF9qEefK97lZFRPEvfNuTAfpMWnq nPbesFehzNs=aLTD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce