Red Hat JBoss Web Server 6.2.0 Security Update Needed

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Red Hat JBoss Web Server 6.2.0 Security Update Needed

RHSA-2026:2740

Summary

A security update is available for Red Hat JBoss Web Server 6.2.0. This update fixes several security issues that could allow an attacker to access sensitive information or take control of the system. We recommend updating to the latest version as soon as possible to ensure the security of your application.

What to do

Update redhat jws6-tomcat to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-admin-webapps to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-docs-webapp to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-el-5.0-api to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-javadoc to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-jsp-3.1-api to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-lib to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-selinux to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-servlet-6.0-api to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat-webapps to version 0:10.1.49-7.redhat_00006.1.el10jws.
Update redhat jws6-tomcat to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-admin-webapps to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-docs-webapp to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-el-5.0-api to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-javadoc to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-jsp-3.1-api to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-lib to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-selinux to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-servlet-6.0-api to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat-webapps to version 0:10.1.49-7.redhat_00006.1.el8jws.
Update redhat jws6-tomcat to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-admin-webapps to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-docs-webapp to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-el-5.0-api to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-javadoc to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-jsp-3.1-api to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-lib to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-selinux to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-servlet-6.0-api to version 0:10.1.49-7.redhat_00006.1.el9jws.
Update redhat jws6-tomcat-webapps to version 0:10.1.49-7.redhat_00006.1.el9jws.

Affected software

Original title

Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release

osv CVSS3.1 6.5

https://access.redhat.com/errata/RHSA-2026:2740 Vendor Advisory
https://access.redhat.com/security/updates/classification/#moderate Third Party Advisory
https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_h... Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2369253 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2388226 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2406590 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2740.j... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-46701 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-46701 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-46701 Vendor Advisory
https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-55668 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-55668 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-55668 Vendor Advisory
https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6 Third Party Advisory
https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21 Third Party Advisory
https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95 Third Party Advisory
https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-55754 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-55754 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-55754 Vendor Advisory
https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb Third Party Advisory
https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd Third Party Advisory

Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026

Vendor	Product	Affected versions	Fix available
redhat	jws6-tomcat	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-admin-webapps	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-docs-webapp	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-el-5.0-api	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-javadoc	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-jsp-3.1-api	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-lib	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-selinux	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-servlet-6.0-api	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat-webapps	<= 0:10.1.49-7.redhat_00006.1.el10jws	0:10.1.49-7.redhat_00006.1.el10jws
redhat	jws6-tomcat	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-admin-webapps	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-docs-webapp	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-el-5.0-api	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-javadoc	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-jsp-3.1-api	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-lib	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-selinux	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-servlet-6.0-api	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat-webapps	<= 0:10.1.49-7.redhat_00006.1.el8jws	0:10.1.49-7.redhat_00006.1.el8jws
redhat	jws6-tomcat	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-admin-webapps	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-docs-webapp	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-el-5.0-api	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-javadoc	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-jsp-3.1-api	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-lib	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-selinux	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-servlet-6.0-api	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws
redhat	jws6-tomcat-webapps	<= 0:10.1.49-7.redhat_00006.1.el9jws	0:10.1.49-7.redhat_00006.1.el9jws