RHSA-2026:25125HighCVSS 8.7
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2026-1605 — org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
CVE-2026-28367 — undertow: Undertow: Request smuggling via \r\r\r as a header block terminator
CVE-2026-28368 — undertow: Undertow: Request smuggling via inconsistent header parsing
CVE-2026-28369 — undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:25125
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1/html/release_notes_for_red_hat_jboss_enterprise_application_platform_8.1/index
- externalhttps://access.redhat.com/articles/7129481
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2443260
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2443261
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2443262
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2444815
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25125.json