Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2024-29371 — jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression CVE-2025-9784 — undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability CVE-2025-12543 — undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-15284 — qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-23184 — org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files CVE-2025-23368 — org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI CVE-2025-66412 — angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes CVE-2025-69873 — ajv: ReDoS via $data reference CVE-2026-1002 — io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files CVE-2026-24842 — node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2026:33371
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2339095
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2392306
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2408784
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2423194
- externalhttps://issues.redhat.com/browse/JBEAP-31703
- externalhttps://issues.redhat.com/browse/JBEAP-33004
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33371.json