RHSA-2019:3931: Important: Red Hat JBoss Web Server 5.2 security release
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
Security Fix(es):
- openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
- tomcat: XSS in SSI printenv (CVE-2019-0221)
- openssl: 0-byte record padding oracle (CVE-2019-1559)
- tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)
- tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2019:3931?
The severity of RHSA-2019:3931 is categorized as critical due to potential exploitation risks.
How do I fix RHSA-2019:3931?
To fix RHSA-2019:3931, update your Red Hat JBoss Web Server to the latest version as recommended in the advisory.
What vulnerabilities are addressed in RHSA-2019:3931?
RHSA-2019:3931 addresses multiple vulnerabilities in components like Apache Tomcat and JBoss HTTP Connector.
Is RHSA-2019:3931 applicable to all versions of Red Hat JBoss Web Server?
RHSA-2019:3931 is applicable only to specific versions of Red Hat JBoss Web Server that are mentioned in the advisory.
What are the potential impacts of not addressing RHSA-2019:3931?
Not addressing RHSA-2019:3931 could lead to unauthorized access, data breaches, or deterioration of service integrity.