[CIVN-2026-0353] Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Indian Computer Emergency Response Team (CERT-In) (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Red Hat JBoss Enterprise Application Platform 7.3 EUS 7.3 x86_64
Red Hat JBoss Enterprise Application Platform 7.1 EUS 7.1 x86_64
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss Enterprise Application Platform which could allow a remote attacker to cause denial-of-service (DoS), perform server-side request forgery (SSRF), poison web caches, or potentially expose sensitive information on the targeted system.
Target Audience:
Large scale enterprises and organizations using Red Hat JBoss Products.
Risk Assessment:
High risk of service disruption, unauthorized access to internal resources, cache manipulation, and potential exposure of sensitive information.
Impact Assessment:
Potential for sensitive data exposure, unauthorized access to internal resources, cache poisoning, and disruption of service.
Description
Red Hat JBoss is a Java-based server that provides a secure, scalable, and high-performance environment for developing, deploying, and managing enterprise applications.
These vulnerabilities exist in Red Hat JBoss Enterprise Application Platform due to improper validation of HTTP Host headers, insufficient handling of malformed HTTP/2 requests, insecure processing of temporary files, and improper handling of malicious JSON Web Encryption (JWE) tokens. A remote attacker could exploit these weaknesses by sending specially crafted requests or malicious input.
Successful exploitation of these vulnerabilities could allow an attacker to cause denial-of-service (DoS), perform server-side request forgery (SSRF), poison web caches, or potentially expose sensitive information on the targeted system.
Solution
Apply the appropriate updates as listed in the vendor advisories:
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/errata/RHSA-2026:33372
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/errata/RHSA-2026:33372
References
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/errata/RHSA-2026:33372
CVE Names
CVE-2025-9784
CVE-2025-12543
CVE-2025-23184
CVE-2024-29371
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003