Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application
Platform 6.4 security update
Advisory ID: RHSA-2020:1479-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1479
Issue date: 2020-04-14
CVE Names: CVE-2020-1938
====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise
Application
Platform 6.4.
Red Hat Product Security has rated this update as having a
security impact
of Important. A Common Vulnerability Scoring System (CVSS) base
score,
which gives a detailed severity rating, is available for each
vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat JBoss Enterprise Application Platform is a platform for
Java
applications based on the JBoss Application Server.
This asynchronous patch is a security update for the Apache
Tomcat package
in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise
Linux
5, 6, and 7. All users of Red Hat JBoss Enterprise Application
Platform 6.4
are advised to upgrade to these updated packages.
Security Fix(es):
* tomcat: Apache Tomcat AJP File Read/Inclusion
Vulnerability
(CVE-2020-1938)
For more details about the security issue(s), including the
impact, a CVSS
score, and other related information, see the CVE page(s) listed in
the
References section.
3. Solution:
Before applying this update, back up your existing Red Hat JBoss
Enterprise
Application Platform installation and deployed applications. The
JBoss
server process must be restarted for the update to take effect.
The References section of this erratum contains a download link
(you must
log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
5. References:
https://access.redhat.com/security/cve/CVE-2020-1938
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/
6. Contact:
The Red Hat security contact is <
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXpYiNtzjgjWX9erEAQjFFw/+MoKhYpWoDE3P09oq0WpGjCrUXtM29yBA
E0o/Wvd14IqC4c6ohp8GA+EqYOUcEnLAHAgXgUhFBuwLKR0a1ypSBK4IunkKoiWB
WkcsLZ4D2mdWUtZMObvb7U3rHyz3iMiqy2MIJcVjf+Fi4ggla5S+KYhwLe/DwAV4
XPQfaXkXXtSl0u57SFlPmIsfVns0JacJhnAOHzWegfy1Za1PVyFLk/snQzWPdmCi
CwE0qi95tFfy2tCsPCiWZ4ywou55sx4surPjNXAdZ5n7bpGX1QtQ/eb8A1gYFjAY
mDvquHBMWuKlHXwASddCheFq2tqbVMbclHTMk1+gxavZXH3t8SOhxINgj8fIRw07
wjJB8XEUxAeiom1ughs1g5QK9Bhs2iNDfehxLKtupQnqtizeAOE/YOMpO0FGBGq2
2zPIVdL08FUeQNtyklNwNufCv8XynhH9HIcIZ6c+Idtypq3wk2fceHOxudArX88/
iCowTvZBIXrP7mExzymZVdV9JiDgscBxH/A3QCFnLdy87NwrSEOyHTmeMGBWao2t
mkZnWtFbvKWy3LBWY2HubcF5MDVSBJESIg06h4hd06OFCO70xQB1YzFNwAACmwak
7O9XgYgcMlVuQdJAjNxuFE/bX979hOrJIL1ehI2Yot1O+xGO669o5Cvxm86FzSB2
MnB2yFlnj/E=8xgy
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
https://www.redhat.com/mailman/listinfo/rhsa-announce
Read more https://packetstormsecurity.com/files/157229/RHSA-2020-1479-01.txt
