RHSA-2026:20406 | High | CVSS 7.5

Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.3 release and security update

Published: May 26, 2026
Last Modified: May 29, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2026-24880 — Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
CVE-2026-25854 — Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
CVE-2026-29145 — Apache Tomcat: Authentication bypass due to CLIENT_CERT soft fail misconfiguration
CVE-2026-29146 — Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
CVE-2026-34483 — Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
CVE-2026-34487 — Apache Tomcat: Information disclosure via sensitive data in log files
CVE-2026-34500 — Apache Tomcat: Authentication bypass via client certificate misconfiguration

🔗 References (11)