RHSA-2025:9583HighCVSS 7.5

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update

Published
June 25, 2025
Last Modified
June 26, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2022-1259 — undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) CVE-2022-1319 — undertow: Double AJP response for 400 from EAP 7 results in CPING failures CVE-2022-2053 — undertow: Large AJP request may cause DoS CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close CVE-2023-1973 — undertow: unrestricted request storage leads to memory exhaustion CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2023-5379 — undertow: AJP Request closes connection exceeding maxRequestSize CVE-2024-1233 — EAP: wildfly-elytron has a SSRF security issue CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol

🔗 References (22)