The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to the DoS attack when multiple requests are sent with an invalid payload length in a WebSocket frame.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
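What "invalid payload length in a WebSocket frame" means at the protocol level, as an added example (not JBossWeb or Red Hat code): a frame-header parser that enforces the RFC 6455 section 5.2 length rules. The bug report does not say which invalid length is involved; `max_payload`, the sample headers and all function names are assumptions made for illustration.

```python
import struct

class FrameLengthError(ValueError):
    """Header carries a payload length that RFC 6455 section 5.2 forbids."""

CONTROL_OPCODES = {0x8, 0x9, 0xA}  # close, ping, pong

def parse_payload_length(header, max_payload=1 << 20):
    """Return (payload_length, header_size) for one WebSocket frame header.
    max_payload is a hypothetical local policy limit, not an RFC value."""
    if len(header) < 2:
        raise FrameLengthError("truncated header")
    opcode, masked = header[0] & 0x0F, bool(header[1] & 0x80)
    length = header[1] & 0x7F
    size = {126: 4, 127: 10}.get(length, 2)  # 126/127 announce an extended length
    if len(header) < size:
        raise FrameLengthError("truncated extended length")
    if length == 126:
        (length,) = struct.unpack_from("!H", header, 2)
        if length < 126:  # the minimal encoding must be used
            raise FrameLengthError("non-minimal 16-bit length encoding")
    elif length == 127:
        (length,) = struct.unpack_from("!Q", header, 2)
        if length >> 63:  # would be negative if read as a signed 64-bit value
            raise FrameLengthError("64-bit length has most significant bit set")
        if length <= 0xFFFF:
            raise FrameLengthError("non-minimal 64-bit length encoding")
    if opcode in CONTROL_OPCODES and length > 125:
        raise FrameLengthError("control frame payload exceeds 125 bytes")
    if length > max_payload:
        raise FrameLengthError("payload length exceeds local limit")
    return length, size + (4 if masked else 0)  # masked frames carry a 4-byte key

# Constructed sample headers (not captured traffic); masking-key bytes are zeros.
SAMPLES = {
    "text, 5 bytes": bytes([0x81, 0x85]) + b"\x00" * 4,
    "binary, 300 bytes": bytes([0x82, 0xFE]) + struct.pack("!H", 300) + b"\x00" * 4,
    "msb set": bytes([0x82, 0xFF]) + struct.pack("!Q", 1 << 63) + b"\x00" * 4,
    "non-minimal": bytes([0x82, 0xFE]) + struct.pack("!H", 5) + b"\x00" * 4,
    "oversized ping": bytes([0x89, 0xFE]) + struct.pack("!H", 200) + b"\x00" * 4,
}

def check(header):
    """Return the parse result, or the rejection reason as a string."""
    try:
        return parse_payload_length(header)
    except FrameLengthError as exc:
        return str(exc)
```

Calling `check` on each entry of `SAMPLES` shows the two well-formed headers parsing and the other three being rejected before any payload is read.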
This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform
Via RHSA-2020:3731 https://access.redhat.com/errata/RHSA-2020:3731

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
Via RHSA-2020:3730 https://access.redhat.com/errata/RHSA-2020:3730

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14384

This issue has been addressed in the following products:
  EAP 6.4.24 release
Via RHSA-2022:5458 https://access.redhat.com/errata/RHSA-2022:5458

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
Via RHSA-2022:5459 https://access.redhat.com/errata/RHSA-2022:5459

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
Via RHSA-2022:5460 https://access.redhat.com/errata/RHSA-2022:5460