RHSA-2026:4924HighCVSS 9.6
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2024-3884 — undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded CVE-2025-4949 — org.eclipse.jgit: XXE vulnerability in Eclipse JGit CVE-2025-9784 — undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability CVE-2025-12543 — undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF CVE-2025-48913 — org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability CVE-2025-55163 — netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability CVE-2026-0603 — org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2026:4924
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
- externalhttps://access.redhat.com/articles/7137599
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275287
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2367730
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2387221
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2388252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2392306
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2408784
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2427147
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4924.json