[CIVN-2025-0356] Multiple Vulnerabilities in Red Hat JBoss

Published On: December 10, 2025

Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
JBoss Enterprise Application Platform 8.0 for RHEL 9 x86_64
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss which could allow a remote attacker to gain sensitive information and cause a denial-of-service (DoS) condition on the targeted system.
Target Audience:
Large-scale enterprises and organizations using Red Hat JBoss products.
Risk Assessment:
High risk of unauthorized access to sensitive data, disruption of services.
Impact Assessment:
Potential for sensitive information disclosure, service unavailability.
Description
Red Hat JBoss is a Java-based server that provides a secure, scalable and high-performance environment for developing, deploying and managing enterprise applications.
Multiple vulnerabilities exist in Red Hat JBoss due to out-of-memory conditions in Undertow when parsing specially crafted application/x-www-form-urlencoded data and unsafe XML parsing in Eclipse JGit. A remote attacker could exploit these vulnerabilities by sending a specially crafted request.
Successful exploitation of these vulnerabilities could allow a remote attacker to gain sensitive information and cause a denial-of-service (DoS) condition on the targeted system.
Solution
Apply the appropriate fixes/patches as mentioned in:
https://access.redhat.com/errata/RHSA-2025:22773
https://access.redhat.com/errata/RHSA-2025:22775
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2025:22773
https://access.redhat.com/errata/RHSA-2025:22775
References
Red Hat
https://access.redhat.com/errata/RHSA-2025:22773
https://access.redhat.com/errata/RHSA-2025:22775
CVE Name
CVE-2024-3884
CVE-2025-4949
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003