[CIVN-2026-0033] Multiple Vulnerabilities in Red Hat JBoss

Published On: January 20, 2026

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Red Hat JBoss Enterprise Application Platform 7.1 EUS 7.1 x86_64
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss Enterprise Application Platform which could allow a remote attacker to cause a denial-of-service (DoS) condition on the targeted system.
Target Audience
Large-scale enterprises and organizations using Red Hat JBoss products.
Risk Assessment
High risk of unauthorized access to sensitive data and disruption of services.
Impact Assessment
Potential for remote code execution and service unavailability.
Description
Red Hat JBoss is a Java-based server that provides a secure, scalable, and high-performance environment for developing, deploying, and managing enterprise applications.
These vulnerabilities exist in Red Hat JBoss Enterprise Application Platform due to a boundary error when parsing deeply nested JSON files and a resource exhaustion flaw when handling HTTP/2 requests. A remote attacker could exploit these vulnerabilities by sending specially crafted requests to a vulnerable Red Hat JBoss Enterprise Application Platform instance.
Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service (DoS) condition on the targeted system.
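For the deeply nested JSON issue only (not the HTTP/2 flaw), a pre-parse depth check can bound nesting before a request body reaches a recursive parser. This is an added example, not code from CERT-In or Red Hat, and it does not replace the vendor update; the class name `JsonDepthGuard`, the method `maxDepth` and the limit `MAX_DEPTH` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example: iterative (non-recursive) nesting-depth check for JSON bodies,
// so the check itself cannot exhaust the stack on hostile input.
public class JsonDepthGuard {
    // Assumed limit for illustration; set it to the deepest document
    // your applications legitimately accept.
    static final int MAX_DEPTH = 64;

    /** Returns the maximum object/array nesting depth, or -1 once it exceeds limit. */
    static int maxDepth(byte[] body, int limit) {
        int depth = 0, max = 0;
        boolean inString = false, escaped = false;
        for (byte b : body) {
            if (inString) {
                // Brackets inside string literals are data, not structure.
                if (escaped) escaped = false;
                else if (b == '\\') escaped = true;
                else if (b == '"') inString = false;
                continue;
            }
            if (b == '"') {
                inString = true;
            } else if (b == '{' || b == '[') {
                if (++depth > limit) return -1; // stop early, do not scan the rest
                max = Math.max(max, depth);
            } else if (b == '}' || b == ']') {
                if (depth > 0) depth--; // malformed input is left for the parser to reject
            }
        }
        return max;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        byte[] normal = "{\"user\":{\"tags\":[\"a\",\"[[[text]]]\"]}}"
                .getBytes(StandardCharsets.UTF_8);
        byte[] hostile = new byte[100_000];
        Arrays.fill(hostile, (byte) '[');

        System.out.println("normal depth: " + maxDepth(normal, MAX_DEPTH));
        System.out.println("hostile: "
                + (maxDepth(hostile, MAX_DEPTH) < 0 ? "rejected" : "accepted"));
    }
}
```

The scan works on raw UTF-8 bytes because multi-byte sequences never contain the ASCII structural characters, and it needs only constant memory regardless of body size.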
Solution
Apply appropriate updates as mentioned by the vendor:
https://access.redhat.com/errata/RHSA-2026:0742
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2026:0742
References
Red Hat
https://access.redhat.com/errata/RHSA-2026:0742
CVE Name
CVE-2025-52999
CVE-2025-55163
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003