Red Hat Product Errata RHSA-2021:3741 - Security Advisory
Issued: 2021-10-06
Updated: 2021-10-06

Synopsis

Important: Red Hat JBoss Web Server 5.5.1 Security Update

Type/Severity

Security Advisory: Important

Topic

Updated Red Hat JBoss Web Server 5.5.1 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

  • tomcat: Apache Tomcat DoS with unexpected TLS packet (CVE-2021-41079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258
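
To confirm a host actually carries the fixed build after updating, the following added example (not part of the Red Hat advisory) compares installed packages against the build named in this advisory's package list. It assumes input lines produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample lines and the function names are constructed for illustration, and the comparison is a simplified form of rpm's segment ordering.

```python
import re

# Fixed build and package names come from this advisory's package list; the
# dist tag (.el7jws / .el8jws) is left off so one bound serves both platforms.
FIXED_VERSION, FIXED_RELEASE = "9.0.43", "13.redhat_00013.1"
ADVISORY_PACKAGES = {"jws5-tomcat"} | {
    "jws5-tomcat-" + s for s in (
        "admin-webapps", "docs-webapp", "el-3.0-api", "java-jdk11",
        "java-jdk8", "javadoc", "jsp-2.3-api", "lib", "selinux",
        "servlet-4.0-api", "webapps")}

# Constructed sample of query output (assumed format: "NAME VERSION-RELEASE").
SAMPLE = [
    "jws5-tomcat 9.0.43-13.redhat_00013.1.el8jws",      # fixed build
    "jws5-tomcat-lib 9.0.43-11.redhat_00011.1.el8jws",  # constructed older release
    "jws5-tomcat-webapps 9.0.36-9.redhat_8.1.el7jws",   # constructed older version
    "jws5-example-other 1.0-1.el8jws",                  # hypothetical, not in advisory
]


def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def unpatched(rpm_lines):
    """Return advisory packages whose installed build predates the fix."""
    stale = []
    for line in rpm_lines:
        name, _, evr = line.strip().partition(" ")
        if name not in ADVISORY_PACKAGES:
            continue  # packages outside this advisory are ignored
        version, _, release = evr.partition("-")
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(name)
    return stale
```
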

Affected Products

  • JBoss Enterprise Web Server 5 for RHEL 8 x86_64
  • JBoss Enterprise Web Server 5 for RHEL 7 x86_64

Fixes

  • BZ - 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

CVEs

  • CVE-2021-41079

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available.

JBoss Enterprise Web Server 5 for RHEL 8

SRPM
jws5-tomcat-9.0.43-13.redhat_00013.1.el8jws.src.rpm
x86_64
jws5-tomcat-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-javadoc-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-lib-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-selinux-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm
jws5-tomcat-webapps-9.0.43-13.redhat_00013.1.el8jws.noarch.rpm

JBoss Enterprise Web Server 5 for RHEL 7

SRPM
jws5-tomcat-9.0.43-13.redhat_00013.1.el7jws.src.rpm
x86_64
jws5-tomcat-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-admin-webapps-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-docs-webapp-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-el-3.0-api-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-java-jdk11-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-java-jdk8-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-javadoc-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-jsp-2.3-api-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-lib-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-selinux-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-servlet-4.0-api-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm
jws5-tomcat-webapps-9.0.43-13.redhat_00013.1.el7jws.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
