RHSA-2025:16668HighCVSS 8.8
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.12 on RHEL 7 security update
🔗 CVE IDs covered (6)
CVE-2024-27316 →CVE-2024-51127 →CVE-2025-48734 →CVE-2020-10705 →CVE-2023-44487 →CVE-2024-4109 · pending
📋 Description
CVE-2020-10705 — undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) CVE-2024-4109 — undertow: information leakage via HTTP/2 request header reuse CVE-2024-27316 — httpd: CONTINUATION frames DoS CVE-2024-51127 — hornetq-core-client: Arbitrarily overwrite files or access sensitive information CVE-2025-48734 — commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2025:16668
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1803241
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242803
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2268277
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2272325
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2323697
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2368956
- externalhttps://issues.redhat.com/browse/JBEAP-30484
- externalhttps://issues.redhat.com/browse/JBEAP-30522
- externalhttps://issues.redhat.com/browse/JBEAP-30523
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16668.json