Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update
🔗 CVE IDs covered (14)
📋 Description
CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2022-1259 — undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) CVE-2022-1319 — undertow: Double AJP response for 400 from EAP 7 results in CPING failures CVE-2022-2053 — undertow: Large AJP request may cause DoS CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client CVE-2023-1108 — Undertow: Infinite loop in SslConduit during close CVE-2023-1973 — undertow: unrestricted request storage leads to memory exhaustion CVE-2023-3223 — undertow: OutOfMemoryError due to @MultipartConfig handling CVE-2023-5379 — undertow: AJP Request closes connection exceeding maxRequestSize CVE-2024-1233 — EAP: wildfly-elytron has a SSRF security issue CVE-2024-1635 — undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
🔗 References (22)
- selfhttps://access.redhat.com/errata/RHSA-2025:9583
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072339
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2073890
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2095862
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2124682
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2153260
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2174246
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2185662
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2209689
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242099
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262849
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262918
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2264928
- externalhttps://issues.redhat.com/browse/JBEAP-29448
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9583.json