Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.11 on RHEL 7 security update
🔗 CVE IDs covered (14)
📋 Description
CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-13949 — libthrift: potential DoS when processing untrusted payloads CVE-2020-25638 — hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used CVE-2020-25644 — wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL CVE-2020-27782 — undertow: special character in query results in server errors CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-28170 — jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2022-1259 — undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client CVE-2023-5379 — undertow: AJP Request closes connection exceeding maxRequestSize CVE-2024-1233 — EAP: wildfly-elytron has a SSRF security issue
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2025:9582
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1834512
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1881353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1885485
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1901304
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928172
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1965497
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072339
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2124682
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153260
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242099
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262849
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262918
- externalhttps://issues.redhat.com/browse/JBEAP-29413
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9582.json