jbossweb is vulnerable to denial of service (DoS). The vulnerability exists because of an incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb, leading to DoS.
access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html
access.redhat.com/errata/RHSA-2020:3730
access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1875176