Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:1203: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update

An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es):

  • openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
  • openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
  • CVE-2021-3449: openssl: NULL pointer dereference in signature_algorithms processing
  • CVE-2021-3450: openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
Red Hat Security Data
#vulnerability#web#windows#red_hat#apache#java

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update