Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update
🔗 CVE IDs covered (17)
📋 Description
CVE-2021-3690 — undertow: buffer leak on incoming websocket PONG message may lead to DoS CVE-2021-3859 — undertow: client side invocation timeout raised when calling over HTTP2 CVE-2021-37714 — jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck CVE-2021-40690 — xml-security: XPath Transform abuse allows for information disclosure CVE-2022-0084 — xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr CVE-2022-1319 — undertow: Double AJP response for 400 from EAP 7 results in CPING failures CVE-2022-2053 — undertow: Large AJP request may cause DoS CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS CVE-2022-24785 — Moment.js: Path traversal in moment.locale CVE-2022-25647 — com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-40149 — jettison: parser crash by stackoverflow CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close CVE-2023-1973 — undertow: unrestricted request storage leads to memory exhaustion CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
🔗 References (23)
- selfhttps://access.redhat.com/errata/RHSA-2025:4226
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1991299
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1995259
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2010378
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2011190
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2063601
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064226
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2073890
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2080850
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095862
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135771
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2174246
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2185662
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2209689
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2264928
- externalhttps://issues.redhat.com/browse/JBEAP-29286
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4226.json