[CIVN-2026-0353] Multiple Vulnerabilities in RedHat JBoss Enterprise Application

Published On: July 3, 2026

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256


Multiple Vulnerabilities in RedHat JBoss Enterprise Application


Indian Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: CRITICAL


Software Affected


Red Hat JBoss Enterprise Application Platform 7.3 EUS 7.3 x86_64 

Red Hat JBoss Enterprise Application Platform 7.1 EUS 7.1 x86_64

Overview


Multiple vulnerabilities have been reported in Red Hat JBoss Enterprise Application Platform which could allow a remote attacker to cause denial-of-service (DoS), perform server-side request forgery (SSRF), poison web caches, or potentially expose sensitive information on the targeted system.


Target Audience:

Large scale enterprises and organizations using Red Hat JBoss Products.


Risk Assessment:

High risk of service disruption, unauthorized access to internal resources, cache manipulation, and potential exposure of sensitive information.


Impact Assessment:

Potential for sensitive data exposure, unauthorized access to internal resources, cache poisoning, and disruption of service.


Description


Red Hat JBoss is a Java-based server that provides a secure, scalable, and high-performance environment for developing, deploying, and managing enterprise applications.


These vulnerabilities exist in Red Hat JBoss Enterprise Application Platform due to improper validation of HTTP Host headers, insufficient handling of malformed HTTP/2 requests, insecure processing of temporary files, and improper handling of malicious JSON Web Encryption (JWE) tokens. A remote attacker could exploit these weaknesses by sending specially crafted requests or malicious input.


Successful exploitation of these vulnerabilities could allow an attacker to cause denial-of-service (DoS), perform server-side request forgery (SSRF), poison web caches, or potentially expose sensitive information on the targeted system.
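The Host header weakness noted above is one that defenders can also check for independently of the vendor fix. The following is an added illustration, not code from Red Hat or from the advisory: a strict Host header allowlist check (hostname and port normalised, userinfo and path components rejected) applied to a few constructed access-log lines to surface requests that a cache-poisoning attempt would produce. The allowlist, the log format and the function names are assumptions for the example.

```python
# Added example (not from the advisory or Red Hat): strict Host header
# validation and a log sweep for Host values outside the allowlist.
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed allowlist of hostnames this deployment legitimately serves.
ALLOWED_HOSTS = {"app.example.internal", "www.example.com"}

def normalize_host(raw: str) -> Optional[str]:
    """Return the lowercase hostname from a Host header value, or None if
    the value is malformed (whitespace, userinfo, path, bad port)."""
    if not raw or any(c.isspace() for c in raw) or "@" in raw or "/" in raw:
        return None
    # Let urlsplit handle IPv6 brackets and the port; reject anything
    # whose port is non-numeric or out of range rather than guessing.
    try:
        parts = urlsplit("//" + raw)
        port = parts.port  # raises ValueError on a bad port
    except ValueError:
        return None
    if parts.hostname is None or parts.path or parts.query or parts.fragment:
        return None
    if port is not None and not (0 < port < 65536):
        return None
    return parts.hostname  # already lowercased by urlsplit

def host_is_allowed(raw: str) -> bool:
    host = normalize_host(raw)
    return host is not None and host in ALLOWED_HOSTS

# Constructed access-log lines (not real traffic): method, path, Host header.
SAMPLE_LOG = [
    'GET /index.jsp host="www.example.com"',
    'GET /index.jsp host="WWW.EXAMPLE.COM:443"',
    'GET /reset host="attacker.example.net"',
    'GET /reset host="www.example.com@attacker.example.net"',
    'GET / host="www.example.com/evil"',
]

def flag_suspicious(lines: List[str]) -> List[str]:
    """Return the Host values from log lines that fail the allowlist check."""
    flagged = []
    for line in lines:
        start = line.find('host="')
        if start < 0:
            continue
        value = line[start + 6 : line.rfind('"')]
        if not host_is_allowed(value):
            flagged.append(value)
    return flagged
```

Flagged values are those an upstream proxy or the application should have rejected before the request reached any cacheable handler; a non-empty result is a prompt to review the front-end Host filtering configuration.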


Solution


Apply the appropriate updates as mentioned:

https://access.redhat.com/errata/RHSA-2026:33371


https://access.redhat.com/errata/RHSA-2026:33372



Vendor Information


RedHat

https://access.redhat.com/errata/RHSA-2026:33371

https://access.redhat.com/errata/RHSA-2026:33372


References



https://access.redhat.com/errata/RHSA-2026:33371

https://access.redhat.com/errata/RHSA-2026:33372


CVE Name

CVE-2025-9784

CVE-2025-12543

CVE-2025-23184

CVE-2024-29371




- --


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

-----BEGIN PGP SIGNATURE-----


-----END PGP SIGNATURE-----
