RHSA-2025:4226HighCVSS 7.5

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update

Published
April 28, 2025
Last Modified
June 15, 2026

🔗 CVE IDs covered (17)

📋 Description

CVE-2021-3690 — undertow: buffer leak on incoming websocket PONG message may lead to DoS CVE-2021-3859 — undertow: client side invocation timeout raised when calling over HTTP2 CVE-2021-37714 — jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck CVE-2021-40690 — xml-security: XPath Transform abuse allows for information disclosure CVE-2022-0084 — xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr CVE-2022-1319 — undertow: Double AJP response for 400 from EAP 7 results in CPING failures CVE-2022-2053 — undertow: Large AJP request may cause DoS CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS CVE-2022-24785 — Moment.js: Path traversal in moment.locale CVE-2022-25647 — com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-40149 — jettison: parser crash by stackoverflow CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close CVE-2023-1973 — undertow: unrestricted request storage leads to memory exhaustion CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol

🔗 References (23)