—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Red Hat JBoss Middleware 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64

Overview

Multiple vulnerabilities have been reported in Red Hat JBoss Middleware which could be exploited by a remote attacker to perform HTTP request smuggling or cause denial-of-service (DoS) condition on the targeted system.

Target Audience:

Large-scale enterprises and organizations using Red Hat JBoss products.

Risk Assessment:

High risk of unauthorized access to sensitive data, disruption of services.

Impact Assessment:

Potential for data exposure and manipulation, service unavailability.

Description

Red Hat JBoss Middleware is an open-source platform for developing and managing Java applications, offering integration, automation, and cloud-ready features to help enterprises build scalable and secure solutions.

Multiple vulnerabilities exist in Red Hat JBoss Middleware due to improper validation of buffer sizes, flaw in Eclipse Jettys HTTP/2 implementation and incorrect parsing of chunk extensions. A remote attacker could exploit these vulnerabilities by sending a specially crafted request.

Successful exploitation of these vulnerabilities could allow a remote attacker to perform HTTP request smuggling or cause denial-of-service (DoS) condition on the targeted system.

Solution

Apply appropriate fix/patches as mentioned:

https://access.redhat.com/errata/RHSA-2025:17567

Vendor Information

RedHat

https://access.redhat.com/errata/RHSA-2025:17567

References

RedHat

https://access.redhat.com/errata/RHSA-2025:17567

CVE Name

CVE-2025-5115

CVE-2025-27533

CVE-2025-58056

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjnuh8ACgkQ3jCgcSdc

ys/fyRAAo0e/Hp4soJv/yKgsnPYlm59v5OKXQXHpYkKAizCEOR7Eb7CL2vTWlB6f

tuZdzUpmOEg282G6Wyogn0+QGFfi4L++Id+qT6ZHnci/K86veepU0LiHXPQ+GwNd

zK65Iq+OFIMHZ3MfKAwkT0pyP+AbQZX3Xw5QM/xFYPX2y1EG8yhBrGbR/XO5QIN+

hjJvs9edA5SVFoPdar7wgm3+AvsCyE5FkLDuID11YdG/pWbCHQ3/hjVUD1BASdfV

i8Pntv159WT6xh5nbG5+RHsF7Nw8pc4uuBLGm6FXlGuQPEL9UFV9o6BCdjqx4uhP

c64xJ2WTkBQI+Eneia3FVe3jt8FPDPrsqc7Yi3EViZXaekwFTuKAw+HC17THxcjP

KUvvIkfzPL+TL9EQSXhu2eznLxdKEdsvLIwWlfUuVdyeDbrcKmRC+3IK7DjsKbmG

kF0IsxfkYj/mvvYGDunUqkPD/yJNkAoHhOGur/Sd23qtdHB5adRsD8Amg+90xtJm

KdVF3NCjLw/c393bfBqUrDhDNOCXs/5oB0c5nQnaPBtnLkvrwgR0l6N2qeQW+nTr

9r9bgFVByfw+8AzidY3XySxmHerEnE2sbLwfsDCqzbB2e/TvjEh+xEfLgwvcXvtA

nIazHeIFLGjfr5/TbSGVWQ228uRhi0T8j2U/OoNyCt/RRrpVGko=

=hmIV

—–END PGP SIGNATURE—–