RHSA-2020:2783: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.Security Fix(es): jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:2783?
The severity of RHSA-2020:2783 is classified as moderate.
How do I fix RHSA-2020:2783?
To fix RHSA-2020:2783, it is recommended to update the Red Hat JBoss Enterprise Application Platform to version 6.4.23.
What issues does RHSA-2020:2783 address?
RHSA-2020:2783 addresses various vulnerabilities in the Red Hat JBoss Enterprise Application Platform, enhancing its security profile.
When was RHSA-2020:2783 released?
RHSA-2020:2783 was released on December 8, 2020.
Is RHSA-2020:2783 applicable to all versions of JBoss?
RHSA-2020:2783 is specifically applicable to Red Hat JBoss Enterprise Application Platform version 6.4.22 and earlier.