Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update
🔗 CVE IDs covered (7)
📋 Description
- CVE-2025-11143 — org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
- CVE-2026-2332 — org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
- CVE-2026-34477 — org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
- CVE-2026-34478 — org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
- CVE-2026-34479 — org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
- CVE-2026-34480 — org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
- CVE-2026-34481 — org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2026:21773
- external: https://access.redhat.com/products/red-hat-offline-knowledge-portal
- external: https://access.redhat.com/security/cve/CVE-2025-11143
- external: https://access.redhat.com/security/cve/CVE-2026-2332
- external: https://access.redhat.com/security/cve/CVE-2026-34477
- external: https://access.redhat.com/security/cve/CVE-2026-34478
- external: https://access.redhat.com/security/cve/CVE-2026-34479
- external: https://access.redhat.com/security/cve/CVE-2026-34480
- external: https://access.redhat.com/security/cve/CVE-2026-34481
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21773.json