VDB
RHSA-2020%3A5170
RHSA-2020%3A5170
PUBLISHED
CVSS 7.5 HIGH
Red Hat Security Advisory: Red Hat JBoss Web Server 5.4 security release
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat:jboss_enterprise_web_server:5.4::el6 | jws5-tomcat-admin-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el7 | jws5-tomcat-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el6 | jws5-tomcat-selinux | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el7 | jws5-tomcat-native | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el7 | jws5-tomcat-javadoc | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-native-debuginfo | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-el-3.0-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-jboss-logging | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el6 | jws5-tomcat-docs-webapp | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-jsp-2.3-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-mod_cluster | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-selinux | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-mod_cluster-tomcat | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-servlet-4.0-api | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el7 | jws5-mod_cluster | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el7 | jws5-tomcat-native-debuginfo | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el6 | jws5-tomcat-webapps | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el6 | jws5-jboss-logging | 0, 0 |
| Red Hat:jboss_enterprise_web_server:5.4::el8 | jws5-tomcat-lib | 0, 0 |
…and 25 more
Timeline
- Nov 23, 2020 CVE Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2020:5170 advisory
- https://access.redhat.com/security/updates/classification/#moderate article
- https://bugzilla.redhat.com/show_bug.cgi?id=1851420 report
- https://issues.redhat.com/browse/JWS-1050 article
- https://issues.redhat.com/browse/JWS-1445 article
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5170.json advisory
- https://access.redhat.com/security/cve/CVE-2020-11996 report
- https://www.cve.org/CVERecord?id=CVE-2020-11996 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-11996 advisory
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E article
- http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6 article
- http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56 article
- http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36 article