Are Red Hat JBoss Web Server versions 5 and 6 affected by the CVE-2024-34750 Apache Tomcat vulnerability?

We are encountering CVE-2024-34750 with Apache Tomcat. Currently, we are using JBoss Web Server 5.6, which includes Apache Tomcat version 9.0.50.

After researching the vulnerability, we found that upgrading Tomcat to version 9.0.90 is necessary. However, I noticed that JBoss Web Server 5.8 comes with Apache Tomcat version 9.0.87, which should address our issue.

Upon reviewing JBoss Web Server 6, I discovered it includes Apache Tomcat version 10.1.8. However, to fully mitigate the CVE, we require Tomcat version 10.1.25.

Please confirm if the mentioned CVE affects the JBoss Web Server.

Responses