Vulnerability-Lookup

RHSA-2026:33371

Vulnerability from csaf_redhat - Published: 2026-06-30 00:13 - Updated: 2026-06-30 17:36

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.17, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.18 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * jose4j: From CVEorg collector (CVE-2024-29371) * undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF (CVE-2025-12543) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files (CVE-2025-23184) * undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-29371

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix

Known not affected 30 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src		—

Threats

Impact Important

CVE-2025-9784

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch		—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src		—	Vendor Fix fix Workaround

Known not affected 34 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround

Threats

Impact Important

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch		—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src		—	Vendor Fix fix Workaround

Known not affected 34 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Workaround

Threats

Impact Important

CVE-2025-13465

A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Important

CVE-2025-15284

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Important

CVE-2025-23184

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Vendor Fix fix

Known not affected 31 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch		—

Threats

Impact Low

CVE-2025-23368

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Important

CVE-2025-66412

A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes (including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements) as requiring strict sanitization. As a result, an attacker who can supply untrusted data bound to those attributes may inject a malicious javascript: URL or script that persists (Stored XSS), which can execute in the context of the application's origin when rendered.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Important

CVE-2025-69873

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Important

CVE-2026-1002

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Moderate

CVE-2026-24842

A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src	—	Workaround

Threats

Impact Important

References

72 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:33371	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2392306	external
https://bugzilla.redhat.com/show_bug.cgi?id=2408784	external
https://bugzilla.redhat.com/show_bug.cgi?id=2423194	external
https://issues.redhat.com/browse/JBEAP-31703	external
https://issues.redhat.com/browse/JBEAP-33004	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-29371	self
https://bugzilla.redhat.com/show_bug.cgi?id=2423194	external
https://www.cve.org/CVERecord?id=CVE-2024-29371	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29371	external
https://bitbucket.org/b_c/jose4j/issues/220/vuln-…	external
https://access.redhat.com/security/cve/CVE-2025-9784	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392306	external
https://www.cve.org/CVERecord?id=CVE-2025-9784	external
https://nvd.nist.gov/vuln/detail/CVE-2025-9784	external
https://github.com/undertow-io/undertow/pull/1778	external
https://github.com/undertow-io/undertow/releases/…	external
https://issues.redhat.com/browse/UNDERTOW-2598	external
https://kb.cert.org/vuls/id/767506	external
https://access.redhat.com/security/cve/CVE-2025-12543	self
https://bugzilla.redhat.com/show_bug.cgi?id=2408784	external
https://www.cve.org/CVERecord?id=CVE-2025-12543	external
https://nvd.nist.gov/vuln/detail/CVE-2025-12543	external
https://access.redhat.com/security/cve/CVE-2025-13465	self
https://bugzilla.redhat.com/show_bug.cgi?id=2431740	external
https://www.cve.org/CVERecord?id=CVE-2025-13465	external
https://nvd.nist.gov/vuln/detail/CVE-2025-13465	external
https://github.com/lodash/lodash/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2025-15284	self
https://bugzilla.redhat.com/show_bug.cgi?id=2425946	external
https://www.cve.org/CVERecord?id=CVE-2025-15284	external
https://nvd.nist.gov/vuln/detail/CVE-2025-15284	external
https://github.com/ljharb/qs/commit/3086902ecf7f0…	external
https://github.com/ljharb/qs/security/advisories/…	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23368	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337621	external
https://www.cve.org/CVERecord?id=CVE-2025-23368	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23368	external
https://www.gruppotim.it/it/footer/red-team.html	external
https://access.redhat.com/security/cve/CVE-2025-66412	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418155	external
https://www.cve.org/CVERecord?id=CVE-2025-66412	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66412	external
https://github.com/angular/angular/commit/1c6b070…	external
https://github.com/angular/angular/security/advis…	external
https://access.redhat.com/security/cve/CVE-2025-69873	self
https://bugzilla.redhat.com/show_bug.cgi?id=2439070	external
https://www.cve.org/CVERecord?id=CVE-2025-69873	external
https://nvd.nist.gov/vuln/detail/CVE-2025-69873	external
https://github.com/EthanKim88/ethan-cve-disclosur…	external
https://access.redhat.com/security/cve/CVE-2026-1002	self
https://bugzilla.redhat.com/show_bug.cgi?id=2430180	external
https://www.cve.org/CVERecord?id=CVE-2026-1002	external
https://nvd.nist.gov/vuln/detail/CVE-2026-1002	external
https://github.com/eclipse-vertx/vert.x/pull/5895	external
https://access.redhat.com/security/cve/CVE-2026-24842	self
https://bugzilla.redhat.com/show_bug.cgi?id=2433645	external
https://www.cve.org/CVERecord?id=CVE-2026-24842	external
https://nvd.nist.gov/vuln/detail/CVE-2026-24842	external
https://github.com/isaacs/node-tar/commit/f4a7aa9…	external
https://github.com/isaacs/node-tar/security/advis…	external

Acknowledgments

Ahmet Artuç

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.17, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.18 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jose4j: From CVEorg collector (CVE-2024-29371)\n\n* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF (CVE-2025-12543)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files (CVE-2025-23184)\n\n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:33371",
        "url": "https://access.redhat.com/errata/RHSA-2026:33371"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2392306",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
      },
      {
        "category": "external",
        "summary": "2408784",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
      },
      {
        "category": "external",
        "summary": "2423194",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
      },
      {
        "category": "external",
        "summary": "JBEAP-31703",
        "url": "https://issues.redhat.com/browse/JBEAP-31703"
      },
      {
        "category": "external",
        "summary": "JBEAP-33004",
        "url": "https://issues.redhat.com/browse/JBEAP-33004"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33371.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update",
    "tracking": {
      "current_release_date": "2026-06-30T17:36:44+00:00",
      "generator": {
        "date": "2026-06-30T17:36:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2026:33371",
      "initial_release_date": "2026-06-30T00:13:50+00:00",
      "revision_history": [
        {
          "date": "2026-06-30T00:13:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-30T00:13:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T17:36:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.3-EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
                  "product_id": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-8.SP9_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-23.Final_redhat_00025.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.18-3.GA_redhat_00001.1.el7eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-8.SP9_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-29371",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2025-12-17T16:01:18.173727+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2423194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important as it can lead to a Denial of Service in applications that process untrusted JSON Web Encryption tokens. An attacker can craft a malicious JWE token with an exceptionally high compression ratio, causing excessive memory allocation and processing time during decompression in affected components like jose4j. This affects products such as Red Hat AMQ, Enterprise Application Platform (EAP 8.0.z, 8.1.z), Red Hat JBoss Fuse, JBoss Data Grid, OpenShift Developer Tools \u0026 Services, Red Hat build of Apache Camel, Red Hat Integration, Red Hat OpenShift Dev Spaces, Red Hat Process Automation Manager, Red Hat Single Sign-On (RH-SSO), Insights, cloud.redhat.com, and OpenShift Serverless.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29371"
        },
        {
          "category": "external",
          "summary": "RHBZ#2423194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack",
          "url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
        }
      ],
      "release_date": "2025-12-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression"
    },
    {
      "cve": "CVE-2025-9784",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-01T06:19:20.938000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392306"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392306",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
        },
        {
          "category": "external",
          "summary": "https://github.com/undertow-io/undertow/pull/1778",
          "url": "https://github.com/undertow-io/undertow/pull/1778"
        },
        {
          "category": "external",
          "summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
          "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
        },
        {
          "category": "external",
          "summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
          "url": "https://issues.redhat.com/browse/UNDERTOW-2598"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/767506",
          "url": "https://kb.cert.org/vuls/id/767506"
        }
      ],
      "release_date": "2025-09-01T06:21:54.614000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ahmet Artu\u00e7"
          ]
        }
      ],
      "cve": "CVE-2025-12543",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2025-10-31T06:15:35.424000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408784"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability has an Important severity because it can be remotely exploited without authentication. However, limited user interaction is required for full impact. It could allow attackers to hijack additional accounts, steal credentials, or gain access to internal systems. The issue stems from improper input validation of HTTP Host headers, leading to serious breaches in confidentiality and integrity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408784",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-12543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
        }
      ],
      "release_date": "2026-01-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF"
    },
    {
      "cve": "CVE-2025-13465",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2026-01-21T20:01:28.774829+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431740"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: prototype pollution in _.unset and _.omit functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431740",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "release_date": "2026-01-21T19:05:28.846000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lodash: prototype pollution in _.unset and _.omit functions"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23368",
      "cwe": {
        "id": "CWE-307",
        "name": "Improper Restriction of Excessive Authentication Attempts"
      },
      "discovery_date": "2025-01-14T14:56:46.792000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337621"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "According to WildFly Elytron, this affects all versions of JBoss EAP from version 7.1.\nRed Hat build of Keycloak does not ship wildfly-elytron.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23368"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337621",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23368"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368"
        },
        {
          "category": "external",
          "summary": "https://www.gruppotim.it/it/footer/red-team.html",
          "url": "https://www.gruppotim.it/it/footer/red-team.html"
        }
      ],
      "release_date": "2025-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI"
    },
    {
      "cve": "CVE-2025-66412",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-12-01T23:01:21.304427+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418155"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes (including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements) as requiring strict sanitization. As a result, an attacker who can supply untrusted data bound to those attributes may inject a malicious javascript: URL or script that persists (Stored XSS), which can execute in the context of the application\u0027s origin when rendered.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66412"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418155",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418155"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66412",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66412"
        },
        {
          "category": "external",
          "summary": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a",
          "url": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"
        },
        {
          "category": "external",
          "summary": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49",
          "url": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"
        }
      ],
      "release_date": "2025-12-01T22:35:59.211000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "You could always manually sanitize user-controlled input or Disable or restrict dynamic SVG/MathML usage where possible in order to mitigate this flaw.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes"
    },
    {
      "cve": "CVE-2025-69873",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2026-02-11T19:01:32.953264+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2439070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ajv: ReDoS via $data reference",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-69873"
        },
        {
          "category": "external",
          "summary": "RHBZ#2439070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
        },
        {
          "category": "external",
          "summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
          "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
        }
      ],
      "release_date": "2026-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ajv: ReDoS via $data reference"
    },
    {
      "cve": "CVE-2026-1002",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2026-01-15T21:03:20.088599+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2430180"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1002"
        },
        {
          "category": "external",
          "summary": "RHBZ#2430180",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
        }
      ],
      "release_date": "2026-01-15T20:50:25.642000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
    },
    {
      "cve": "CVE-2026-24842",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2026-01-28T01:01:16.886629+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2433645"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24842"
        },
        {
          "category": "external",
          "summary": "RHBZ#2433645",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
          "url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
        }
      ],
      "release_date": "2026-01-28T00:20:13.261000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-30T00:13:50+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
    }
  ]
}

CVE-2024-29371 (GCVE-0-2024-29371)

Vulnerability from cvelistv5 – Published: 2025-12-17 00:00 – Updated: 2026-01-23 19:28

Summary

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-1259 - Improper Restriction of Security Token Assignment

Assigner

mitre

References

1 reference

URL	Tags
https://bitbucket.org/b_c/jose4j/issues/220/vuln-…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-29371",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T18:38:20.096134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1259",
                "description": "CWE-1259 Improper Restriction of Security Token Assignment",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-17T18:48:36.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T19:28:10.386Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-29371",
    "datePublished": "2025-12-17T00:00:00.000Z",
    "dateReserved": "2024-03-19T00:00:00.000Z",
    "dateUpdated": "2026-01-23T19:28:10.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12543 (GCVE-0-2025-12543)

Vulnerability from cvelistv5 – Published: 2026-01-07 16:04 – Updated: 2026-06-30 03:15

Title

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

Summary

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

redhat

References

16 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:0383	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0384	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0386	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33371	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33372	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3889	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3890	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3891	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4915	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4916	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4917	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4924	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12543	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2408784	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex

Impacted products

68 products

Vendor	Product	Version
Red Hat	Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11	cpe:/a:redhat:apache_camel_spring_boot:4.14
Red Hat	Red Hat JBoss Enterprise Application Platform	Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7	Unaffected: 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.0.41-8.SP9_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7	Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7	Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8	Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8	Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9	Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9	Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat build of Apache Camel - HawtIO 4	cpe:/a:redhat:apache_camel_hawtio:4
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server	cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red Hat	Red Hat JBoss EAP 7.4 ELS for RHEL 8	cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red Hat	Red Hat JBoss EAP 8.0 for RHEL 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss EAP 8.1 for RHEL 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss EAP 7.4 ELS for RHEL 9	cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red Hat	Red Hat JBoss EAP 8.0 for RHEL 9	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss EAP 8.1 for RHEL 9	cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform	cpe:/a:redhat:jboss_enterprise_application_platform::el7

Date Public

2026-01-08 00:00

Credits

Red Hat would like to thank Ahmet Artuç for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12543",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T03:55:30.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 8.0 for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 8.1 for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 8.0 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss EAP 8.1 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 8.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 8.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:apache_camel_spring_boot:4.14"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_data_grid:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Data Grid 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_fuse:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Fuse 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jbosseapxp"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Process Automation 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_single_sign_on:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Single Sign-On 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:apache_camel_hawtio:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat build of Apache Camel - HawtIO 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-01-08T00:00:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:15:36.209Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
          },
          {
            "name": "RHBZ#2408784",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12543.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33372"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33371"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4915"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4916"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3889"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:0383"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4917"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3891"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:0384"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:0386"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4924"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3890"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33372: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4915: Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4916: Red Hat JBoss EAP 7.4 ELS for RHEL 8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3889: Red Hat JBoss EAP 8.0 for RHEL 8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:0383: Red Hat JBoss EAP 8.1 for RHEL 8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4917: Red Hat JBoss EAP 7.4 ELS for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3891: Red Hat JBoss EAP 8.0 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:0384: Red Hat JBoss EAP 8.1 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3892: Red Hat JBoss Enterprise Application Platform 8.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:0386: Red Hat JBoss Enterprise Application Platform 8.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4924: Red Hat JBoss Enterprise Application Platform"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3890: Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-10-31T06:15:35.424Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-01-08T00:00:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:4.14"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "affected",
          "packageName": "io.undertow/undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.2.39.Final-redhat-00001",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.83.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-guava-libraries",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jaxb",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.6-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-3.redhat_00009.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.83.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-guava-libraries",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jaxb",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.6-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-3.redhat_00009.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.10-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.82.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eventstream",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-3.redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-clustering",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-javadocs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.10-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.82.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eventstream",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-3.redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-clustering",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-javadocs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_hawtio:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat build of Apache Camel - HawtIO 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "moditect",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "pki-core:10.6/resteasy",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "pki-deps:10.6/resteasy",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "resteasy",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ahmet Artu\u00e7 for reporting this issue."
        }
      ],
      "datePublic": "2026-01-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T02:46:49.150Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:0383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0383"
        },
        {
          "name": "RHSA-2026:0384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0384"
        },
        {
          "name": "RHSA-2026:0386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0386"
        },
        {
          "name": "RHSA-2026:33371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "name": "RHSA-2026:33372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:33372"
        },
        {
          "name": "RHSA-2026:3889",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3889"
        },
        {
          "name": "RHSA-2026:3890",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3890"
        },
        {
          "name": "RHSA-2026:3891",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3891"
        },
        {
          "name": "RHSA-2026:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3892"
        },
        {
          "name": "RHSA-2026:4915",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4915"
        },
        {
          "name": "RHSA-2026:4916",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4916"
        },
        {
          "name": "RHSA-2026:4917",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4917"
        },
        {
          "name": "RHSA-2026:4924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4924"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
        },
        {
          "name": "RHBZ#2408784",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-31T06:15:35.424Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-01-08T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-20: Improper Input Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12543",
    "datePublished": "2026-01-07T16:04:22.155Z",
    "dateReserved": "2025-10-31T06:48:03.659Z",
    "dateUpdated": "2026-06-30T03:15:36.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13465 (GCVE-0-2025-13465)

Vulnerability from cvelistv5 – Published: 2026-01-21 19:05 – Updated: 2026-06-30 12:07

Title

Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Summary

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

openjs

References

76 references

URL	Tags
https://github.com/lodash/lodash/security/advisor…
https://cert-portal.siemens.com/productcert/html/…
https://access.redhat.com/security/cve/CVE-2025-13465	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2431740	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:33371	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3958	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:1845	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18480	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24331	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18868	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4782	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25089	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2818	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2438	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2484	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2819	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2817	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2816	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2452	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2900	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5633	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8229	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13548	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13829	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4466	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4467	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3962	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3960	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33154	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4630	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2675	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2694	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3782	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3870	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3422	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2990	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15091	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4423	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14774	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2661	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20088	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2672	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21658	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2078	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20042	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2651	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17469	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2119	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2984	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6192	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3869	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3874	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3884	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3710	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3825	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2145	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2147	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2148	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2149	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6497	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6567	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14870	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14871	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6288	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2926	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3087	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13542	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9848	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5636	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8218	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11414	vendor-advisoryx_refsource_REDHAT

Impacted products

126 products

Vendor	Product	Version
Lodash	Lodash	Affected: 4.0.0 , ≤ 4.17.22 (semver)
Lodash-amd	Lodash-amd	Affected: 4.0.0 , ≤ 4.17.22 (semver)
lodash-es	lodash-es	Affected: 4.0.0 , ≤ 4.17.22 (semver)
lodash.unset	lodash.unset	Affected: 4.0.0
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V4.0 (custom)
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
Red Hat	Cryostat 4 on RHEL 9	cpe:/a:redhat:cryostat:4::el9
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Cluster Observability Operator 1.4.0	cpe:/a:redhat:cluster_observability_operator:1.4::el9
Red Hat	HawtIO HawtIO 4.4.0	cpe:/a:redhat:apache_camel_hawtio:4.4::el9
Red Hat	Red Hat Enterprise Linux High Availability EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux High Availability (v. 10)	cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux High Availability AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::highavailability
Red Hat	Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::highavailability
Red Hat	Red Hat Enterprise Linux High Availability TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::highavailability
Red Hat	Red Hat Enterprise Linux High Availability TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::highavailability
Red Hat	Red Hat Enterprise Linux High Availability EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::highavailability
Red Hat	Red Hat Enterprise Linux High Availability EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::highavailability
Red Hat	Red Hat Enterprise Linux High Availability (v. 9)	cpe:/a:redhat:enterprise_linux:9::highavailability
Red Hat	Network Observability (NETOBSERV) 1.11.2	cpe:/a:redhat:network_observ_optr:1.11::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.12	cpe:/a:redhat:acm:2.12::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.13	cpe:/a:redhat:acm:2.13::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.15	cpe:/a:redhat:acm:2.15::el9
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.10	cpe:/a:redhat:advanced_cluster_security:4.10::el8
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.8	cpe:/a:redhat:advanced_cluster_security:4.8::el8
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.9	cpe:/a:redhat:advanced_cluster_security:4.9::el8
Red Hat	Red Hat Ansible Automation Platform 2.5	cpe:/a:redhat:ansible_automation_platform:2.5::el8
Red Hat	Red Hat Ansible Automation Platform 2.6	cpe:/a:redhat:ansible_automation_platform:2.6::el9
Red Hat	Red Hat Ceph Storage 7.1	cpe:/a:redhat:ceph_storage:7.1::el9
Red Hat	Red Hat Data Grid 8.6.0	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Developer Hub 1.8	cpe:/a:redhat:rhdh:1.8::el9
Red Hat	Red Hat Discovery 2	cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat OpenShift AI 2.25	cpe:/a:redhat:openshift_ai:2.25::el9
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat OpenShift Container Platform 4.12	cpe:/a:redhat:openshift:4.12::el9
Red Hat	Red Hat OpenShift Container Platform 4.13	cpe:/a:redhat:openshift:4.13::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat OpenShift Container Platform 4.20	cpe:/a:redhat:openshift:4.20::el9
Red Hat	Red Hat OpenShift Container Platform 4.21	cpe:/a:redhat:openshift:4.21::el9
Red Hat	Red Hat OpenShift Dev Spaces 3.27	cpe:/a:redhat:openshift_devspaces:3.27::el9
Red Hat	Red Hat OpenShift GitOps 1.17	cpe:/a:redhat:openshift_gitops:1.17::el8
Red Hat	Red Hat OpenShift GitOps 1.18	cpe:/a:redhat:openshift_gitops:1.18::el8
Red Hat	Red Hat OpenShift GitOps 1.19	cpe:/a:redhat:openshift_gitops:1.19::el8
Red Hat	Red Hat OpenShift Pipelines 1.15	cpe:/a:redhat:openshift_pipelines:1.15::el8
Red Hat	Red Hat OpenShift Pipelines 1.2	cpe:/a:redhat:openshift_pipelines:1.20::el9
Red Hat	Red Hat OpenShift Service Mesh 2.6	cpe:/a:redhat:service_mesh:2.6::el8
Red Hat	Red Hat OpenShift Service Mesh 3.0	cpe:/a:redhat:service_mesh:3.0::el9
Red Hat	Red Hat OpenShift Service Mesh 3.1	cpe:/a:redhat:service_mesh:3.1::el9
Red Hat	Red Hat OpenShift Service Mesh 3.2	cpe:/a:redhat:service_mesh:3.2::el9
Red Hat	Red Hat Quay 3.16	cpe:/a:redhat:quay:3.16::el9
Red Hat	Red Hat Satellite 6.18	cpe:/a:redhat:satellite:6.18::el9
Red Hat	Red Hat Trusted Artifact Signer 1.2	cpe:/a:redhat:trusted_artifact_signer:1.2::el9
Red Hat	Red Hat Trusted Artifact Signer 1.3	cpe:/a:redhat:trusted_artifact_signer:1.3::el9
Red Hat	Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::resilientstorage
Red Hat	Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::resilientstorage
Red Hat	Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::resilientstorage
Red Hat	Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::resilientstorage
Red Hat	Red Hat Enterprise Linux Resilient Storage (v. 9)	cpe:/a:redhat:enterprise_linux:9::resilientstorage
Red Hat	multicluster engine for Kubernetes 2.10	cpe:/a:redhat:multicluster_engine:2.10::el9
Red Hat	multicluster engine for Kubernetes 2.6	cpe:/a:redhat:multicluster_engine:2.6::el9
Red Hat	multicluster engine for Kubernetes 2.7	cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.8	cpe:/a:redhat:multicluster_engine:2.8::el9
Red Hat	multicluster engine for Kubernetes 2.9	cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	Logging Subsystem for Red Hat OpenShift	cpe:/a:redhat:logging:5
Red Hat	Migration Toolkit for Applications 8	cpe:/a:redhat:migration_toolkit_applications:8
Red Hat	Migration Toolkit for Containers	cpe:/a:redhat:rhmt:1
Red Hat	Migration Toolkit for Virtualization	cpe:/a:redhat:migration_toolkit_virtualization:2
Red Hat	Node HealthCheck Operator	cpe:/a:redhat:workload_availability_nhc:0
Red Hat	OpenShift Lightspeed	cpe:/a:redhat:openshift_lightspeed
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	Red Hat 3scale API Management Platform 2	cpe:/a:redhat:red_hat_3scale_amp:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat build of Apicurio Registry 2	cpe:/a:redhat:service_registry:2
Red Hat	Red Hat build of OptaPlanner 8	cpe:/a:redhat:optaplanner:::el6
Red Hat	Red Hat Ceph Storage 4	cpe:/a:redhat:ceph_storage:4
Red Hat	Red Hat Ceph Storage 5	cpe:/a:redhat:ceph_storage:5
Red Hat	Red Hat Ceph Storage 6	cpe:/a:redhat:ceph_storage:6
Red Hat	Red Hat Ceph Storage 8	cpe:/a:redhat:ceph_storage:8
Red Hat	Red Hat Connectivity Link 1	cpe:/a:redhat:connectivity_link:1
Red Hat	Red Hat Edge Manager 1	cpe:/a:redhat:edge_manager:1
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	cpe:/a:redhat:enterprise_linux_ai:3
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat Openshift Data Foundation 4	cpe:/a:redhat:openshift_data_foundation:4
Red Hat	Red Hat OpenShift distributed tracing 3	cpe:/a:redhat:openshift_distributed_tracing:3
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7
Red Hat	Red Hat Trusted Profile Analyzer	cpe:/a:redhat:trusted_profile_analyzer:2
Red Hat	streams for Apache Kafka 2	cpe:/a:redhat:amq_streams:2
Red Hat	streams for Apache Kafka 3	cpe:/a:redhat:amq_streams:3
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 10	cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
Red Hat	Confidential Compute Attestation	cpe:/a:redhat:confidential_compute_attestation:1
Red Hat	Gatekeeper 3	cpe:/a:redhat:gatekeeper:3
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	OpenShift Service Mesh 2	cpe:/a:redhat:service_mesh:2
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Directory Server 11	cpe:/a:redhat:directory_server:11
Red Hat	Red Hat Directory Server 12	cpe:/a:redhat:directory_server:12
Red Hat	Red Hat Directory Server 13	cpe:/a:redhat:directory_server:13
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat OpenShift Dev Spaces	cpe:/a:redhat:openshift_devspaces:3
Red Hat	Red Hat Quay 3	cpe:/a:redhat:quay:3

Credits

Lukas Euler Jordan Harband Michał Lipiński Ulises Gascón

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13465",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T19:43:10.513400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T19:43:38.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T12:59:53.016Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          }
        ],
        "x_adpType": "supplier"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cryostat 4 on RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cluster_observability_operator:1.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cluster Observability Operator 1.4.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "HawtIO HawtIO 4.4.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1.11::el9"
            ],
            "defaultStatus": "affected",
            "product": "Network Observability (NETOBSERV) 1.11.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.12::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.13::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ceph_storage:7.1::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ceph Storage 7.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_data_grid:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Data Grid 8.6.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:discovery:2::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Discovery 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.25::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.25",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.12::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.13::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.20",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3.27::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces 3.27",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1.17::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps 1.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1.18::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps 1.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1.19::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps 1.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.15::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2.6::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.0::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.1::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.2::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.2::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Resilient Storage (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.10::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.7::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:logging:5"
            ],
            "defaultStatus": "affected",
            "product": "Logging Subsystem for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_applications:8"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Applications 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhmt:1"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Containers",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_virtualization:2"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Virtualization",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_nhc:0"
            ],
            "defaultStatus": "affected",
            "product": "Node HealthCheck Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_lightspeed"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Lightspeed",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_registry:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat build of Apicurio Registry 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:optaplanner:::el6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat build of OptaPlanner 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ceph_storage:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ceph Storage 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ceph_storage:5"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ceph Storage 5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ceph_storage:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ceph Storage 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ceph_storage:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ceph Storage 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:connectivity_link:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Connectivity Link 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:edge_manager:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Edge Manager 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:edge_manager:0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Edge Manager preview",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_ai:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_fuse:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Fuse 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_distributed_tracing:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift distributed tracing 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Virtualization 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Process Automation 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_single_sign_on:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Single Sign-On 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_profile_analyzer:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Profile Analyzer",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_streams:2"
            ],
            "defaultStatus": "affected",
            "product": "streams for Apache Kafka 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_streams:3"
            ],
            "defaultStatus": "affected",
            "product": "streams for Apache Kafka 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:confidential_compute_attestation:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Confidential Compute Attestation",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:gatekeeper:3"
            ],
            "defaultStatus": "unaffected",
            "product": "Gatekeeper 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine"
            ],
            "defaultStatus": "unaffected",
            "product": "Multicluster Engine for Kubernetes",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Advanced Cluster Security 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:11"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 11",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:12"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:13"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jbosseapxp"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Quay 3",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-01-21T19:05:28.846Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1321",
                "description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:07:25.844Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
          },
          {
            "name": "RHBZ#2431740",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13465.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33371"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3958"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:1845"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:18480"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24331"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:18868"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4782"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25089"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2818"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2438"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2484"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2819"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2817"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2816"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2452"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2900"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5633"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8229"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13548"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13829"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4466"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3962"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3960"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33154"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4630"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2675"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2694"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3782"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3870"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3422"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2990"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15091"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4423"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14774"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2661"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20088"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2672"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21658"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2078"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20042"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2651"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2119"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2984"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6192"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3869"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3874"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3884"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3710"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3825"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2145"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2147"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2148"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2149"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6497"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6567"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14870"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14871"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6288"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2926"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3087"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13542"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9848"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5636"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8218"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11414"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3958: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:1845: Cryostat 4 on RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:18480: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24331: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:18868: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4782: Cluster Observability Operator 1.4.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2818: Red Hat Enterprise Linux High Availability EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2438: Red Hat Enterprise Linux High Availability (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2462: Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2469: Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2465: Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2484: Red Hat Enterprise Linux High Availability E4S (v.9.0), Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2819: Red Hat Enterprise Linux High Availability E4S (v.9.2), Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2817: Red Hat Enterprise Linux High Availability EUS (v.9.4), Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2816: Red Hat Enterprise Linux High Availability EUS (v.9.6), Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2452: Red Hat Enterprise Linux High Availability (v. 9), Red Hat Enterprise Linux Resilient Storage (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2900: Network Observability (NETOBSERV) 1.11.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5633: Red Hat Advanced Cluster Management for Kubernetes 2.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8229: Red Hat Advanced Cluster Management for Kubernetes 2.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3962: Red Hat Ansible Automation Platform 2.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33154: Red Hat Ceph Storage 7.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4630: Red Hat Data Grid 8.6.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2675: Red Hat Developer Hub 1.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2694: Red Hat Discovery 2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3782: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3870: Red Hat OpenShift Container Platform 4.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3422: Red Hat OpenShift Container Platform 4.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2990: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4423: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2661: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2672: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2078: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2651: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2119: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2984: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3869: Red Hat OpenShift GitOps 1.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3874: Red Hat OpenShift GitOps 1.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3884: Red Hat OpenShift GitOps 1.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3710: Red Hat OpenShift Pipelines 1.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3825: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2145: Red Hat OpenShift Service Mesh 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2147: Red Hat OpenShift Service Mesh 3.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2148: Red Hat OpenShift Service Mesh 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2149: Red Hat OpenShift Service Mesh 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6497: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6567: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14870: Red Hat Satellite 6.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14871: Red Hat Satellite 6.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6288: Red Hat Satellite 6.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2926: Red Hat Trusted Artifact Signer 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3087: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13542: multicluster engine for Kubernetes 2.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9848: multicluster engine for Kubernetes 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5636: multicluster engine for Kubernetes 2.7"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8218: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11414: multicluster engine for Kubernetes 2.9"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-01-21T20:01:28.774Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-01-21T19:05:28.846Z",
            "value": "Made public."
          }
        ],
        "title": "lodash: prototype pollution in _.unset and _.omit functions",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "packageName": "lodash",
          "product": "Lodash",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "Lodash",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "Lodash-amd",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "Lodash-amd",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "lodash-es",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "lodash-es",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "lodash.unset",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "lodash.unset",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lukas Euler"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jordan Harband"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Micha\u0142 Lipi\u0144ski"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ulises Gasc\u00f3n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eLodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the \u003ccode\u003e_.unset\u003c/code\u003e\u0026nbsp;and \u003ccode\u003e_.omit\u003c/code\u003e\u0026nbsp;functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\u003c/p\u003e\u003cp\u003eThe issue permits deletion of properties but does not allow overwriting their original behavior.\u003c/p\u003e\u003cp\u003eThis issue is patched on 4.17.23\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset\u00a0and _.omit\u00a0functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-77",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-77 Manipulating User-Controlled Variables"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T19:05:28.846Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "source": {
        "advisory": "GHSA-xxjr-mmjv-4gpg",
        "discovery": "EXTERNAL"
      },
      "title": "Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2025-13465",
    "datePublished": "2026-01-21T19:05:28.846Z",
    "dateReserved": "2025-11-20T02:16:12.128Z",
    "dateUpdated": "2026-06-30T12:07:25.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15284 (GCVE-0-2025-15284)

Vulnerability from cvelistv5 – Published: 2025-12-29 22:56 – Updated: 2026-02-10 20:06

Title

arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Summary

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly. Details The arrayLimit option only checked limits for indexed notation (a[0]=1&a[1]=2) but did not enforce it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoC const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Note on parameterLimit interaction: The original advisory's "DoS demonstration" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000. Impact Consistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

2 references

URL	Tags
https://github.com/ljharb/qs/security/advisories/…	vendor-advisory
https://github.com/ljharb/qs/commit/3086902ecf7f0…	patch

Impacted products

1 product

Vendor	Product	Version
		Affected: < 6.14.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15284",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T14:55:26.031863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T15:57:41.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/qs",
          "defaultStatus": "affected",
          "modules": [
            "parse"
          ],
          "packageName": "qs",
          "repo": "https://github.com/ljharb/qs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.14.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.\u003cp\u003eThis issue affects qs: \u0026lt; 6.14.1.\u003c/p\u003e\u003ch3\u003e\u003cbr\u003eSummary\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option in qs did not enforce limits for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e), only for indexed notation (\u003ccode\u003ea[0]=1\u003c/code\u003e). This is a consistency bug; \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;should apply uniformly across all array notations.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u0026nbsp;The default \u003ccode\u003eparameterLimit\u003c/code\u003e\u0026nbsp;of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than \u003ccode\u003eparameterLimit\u003c/code\u003e\u0026nbsp;regardless of \u003ccode\u003earrayLimit\u003c/code\u003e, because each \u003ccode\u003ea[]=value\u003c/code\u003econsumes one parameter slot. The severity has been reduced accordingly.\u003c/p\u003e\u003ch3\u003eDetails\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option only checked limits for indexed notation (\u003ccode\u003ea[0]=1\u0026amp;a[1]=2\u003c/code\u003e) but did not enforce it for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eVulnerable code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:159-162\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eif (root === \u0027[]\u0027 \u0026amp;\u0026amp; options.parseArrays) {\n    obj = utils.combine([], leaf);  // No arrayLimit check\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWorking code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:175\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eelse if (index \u0026lt;= options.arrayLimit) {  // Limit checked here\n    obj = [];\n    obj[index] = leaf;\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThe bracket notation handler at line 159 uses \u003ccode\u003eutils.combine([], leaf)\u003c/code\u003e\u0026nbsp;without validating against \u003ccode\u003eoptions.arrayLimit\u003c/code\u003e, while indexed notation at line 175 checks \u003ccode\u003eindex \u0026lt;= options.arrayLimit\u003c/code\u003e\u0026nbsp;before creating arrays.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch3\u003ePoC\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003econst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026amp;a[]=2\u0026amp;a[]=3\u0026amp;a[]=4\u0026amp;a[]=5\u0026amp;a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length);  // Output: 6 (should be max 5)\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eNote on parameterLimit interaction:\u003c/strong\u003e\u0026nbsp;The original advisory\u0027s \"DoS demonstration\" claimed a length of 10,000, but \u003ccode\u003eparameterLimit\u003c/code\u003e\u0026nbsp;(default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\u003c/p\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConsistency bug in \u003c/span\u003e\u003ccode\u003earrayLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;enforcement. With default \u003c/span\u003e\u003ccode\u003eparameterLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the practical DoS risk is negligible since \u003c/span\u003e\u003ccode\u003eparameterLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when \u003c/span\u003e\u003ccode\u003eparameterLimit\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is explicitly set to a very high value.\u003c/span\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummary\n\nThe arrayLimit\u00a0option in qs did not enforce limits for bracket notation (a[]=1\u0026a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit\u00a0should apply uniformly across all array notations.\n\nNote:\u00a0The default parameterLimit\u00a0of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit\u00a0regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly.\n\nDetails\n\nThe arrayLimit\u00a0option only checked limits for indexed notation (a[0]=1\u0026a[1]=2) but did not enforce it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === \u0027[]\u0027 \u0026\u0026 options.parseArrays) {\n    obj = utils.combine([], leaf);  // No arrayLimit check\n}\n\n\n\n\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) {  // Limit checked here\n    obj = [];\n    obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit\u00a0before creating arrays.\n\n\n\nPoC\n\nconst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length);  // Output: 6 (should be max 5)\n\n\n\n\n\nNote on parameterLimit interaction:\u00a0The original advisory\u0027s \"DoS demonstration\" claimed a length of 10,000, but parameterLimit\u00a0(default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\n\nImpact\n\nConsistency bug in arrayLimit\u00a0enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit\u00a0already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit\u00a0is explicitly set to a very high value."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469 HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T20:06:42.111Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "arrayLimit bypass in bracket notation allows DoS via memory exhaustion",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-15284",
    "datePublished": "2025-12-29T22:56:45.240Z",
    "dateReserved": "2025-12-29T21:36:51.399Z",
    "dateUpdated": "2026-02-10T20:06:42.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23184 (GCVE-0-2025-23184)

Vulnerability from cvelistv5 – Published: 2025-01-21 09:35 – Updated: 2025-12-15 15:58

Title

Apache CXF: Denial of Service vulnerability with temporary files

Summary

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

apache

References

5 references

URL	Tags
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	vendor-advisory
http://www.openwall.com/lists/oss-security/2025/01/20/3
https://security.netapp.com/advisory/ntap-2025021…
https://www.vicarius.io/vsociety/posts/cve-2025-2…
https://www.vicarius.io/vsociety/posts/cve-2025-2…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache CXF	Affected: 0 , < 3.5.10 (semver) Affected: 3.6.0 , < 3.6.5 (semver) Affected: 4.0.0 , < 4.0.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-15T15:58:16.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/20/3"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0003/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T15:12:38.751238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T15:12:47.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache CXF",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.5.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u0026nbsp;3.5.10, 3.6.5 and 4.0.6.\u0026nbsp;In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u00a03.5.10, 3.6.5 and 4.0.6.\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-21T09:35:37.468Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "source": {
        "defect": [
          "CXF-7396"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache CXF: Denial of Service vulnerability with temporary files",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-23184",
    "datePublished": "2025-01-21T09:35:37.468Z",
    "dateReserved": "2025-01-13T10:54:19.489Z",
    "dateUpdated": "2025-12-15T15:58:16.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23368 (GCVE-0-2025-23368)

Vulnerability from cvelistv5 – Published: 2025-03-04 15:14 – Updated: 2026-06-30 02:47

Title

Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli

Summary

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Assigner

redhat

References

7 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:18054	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18055	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18059	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33371	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-23368	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2337621	issue-trackingx_refsource_REDHAT
https://www.gruppotim.it/it/footer/red-team.html

Impacted products

14 products

Vendor	Product	Version
		Affected: 0 , ≤ * (semver)
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:7.3.18-3.GA_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1	cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:8.1.6-5.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:8.1.6-5.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Integration Camel K 1	cpe:/a:redhat:integration:1
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Date Public

2025-03-03 00:00

Credits

Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23368",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T15:57:14.702481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T15:57:33.318Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/wildfly/wildfly-core",
          "defaultStatus": "unknown",
          "packageName": "wildfly-core",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.18-3.GA_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "wildfly-elytron-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.6-5.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.6-5.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "affected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "wildfly-elytron-integration",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat Integration Camel K 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "wildfly-elytron-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "wildfly-elytron-integration",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "wildfly-elytron-integration",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security/wildfly-elytron",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "wildfly-elytron-integration",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue."
        }
      ],
      "datePublic": "2025-03-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T02:47:11.489Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:18054",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "name": "RHSA-2026:18055",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18055"
        },
        {
          "name": "RHSA-2026:18059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18059"
        },
        {
          "name": "RHSA-2026:33371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-23368"
        },
        {
          "name": "RHBZ#2337621",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
        },
        {
          "url": "https://www.gruppotim.it/it/footer/red-team.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-14T14:56:46.792Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-03-03T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli",
      "workarounds": [
        {
          "lang": "en",
          "value": "The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-23368",
    "datePublished": "2025-03-04T15:14:47.806Z",
    "dateReserved": "2025-01-14T15:23:42.646Z",
    "dateUpdated": "2026-06-30T02:47:11.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66412 (GCVE-0-2025-66412)

Vulnerability from cvelistv5 – Published: 2025-12-01 22:35 – Updated: 2026-06-02 13:00

Title

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Summary

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.

Severity

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/angular/angular/security/advis…	x_refsource_CONFIRM
https://github.com/angular/angular/commit/1c6b070…	x_refsource_MISC
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
angular	angular	Affected: >= 21.0.0-next.0 < 21.0.2 Affected: >= 20.0.0-next.0 < 20.3.15 Affected: >= 19.0.0-next.0 < 19.2.17 Affected: <= 18.2.14
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V4.0 (custom)
Siemens	SIDIS Prime	Affected: 0 , < V4.0.800 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T14:12:58.051369Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T14:13:07.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIDIS Prime",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.0.800",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T13:00:31.963Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "angular",
          "vendor": "angular",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 21.0.0-next.0 \u003c 21.0.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0-next.0 \u003c 20.3.15"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0-next.0 \u003c 19.2.17"
            },
            {
              "status": "affected",
              "version": "\u003c= 18.2.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler\u0027s internal security schema is incomplete, allowing attackers to bypass Angular\u0027s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T22:35:59.211Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"
        },
        {
          "name": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"
        }
      ],
      "source": {
        "advisory": "GHSA-v4hv-rgfq-gp49",
        "discovery": "UNKNOWN"
      },
      "title": "Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66412",
    "datePublished": "2025-12-01T22:35:59.211Z",
    "dateReserved": "2025-11-28T23:33:56.366Z",
    "dateUpdated": "2026-06-02T13:00:31.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69873 (GCVE-0-2025-69873)

Vulnerability from cvelistv5 – Published: 2026-02-11 00:00 – Updated: 2026-06-30 03:15

Summary

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

Severity

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Inefficient Regular Expression Complexity
CWE-400 - Uncontrolled Resource Consumption

Assigner

mitre

References

31 references

URL	Tags
https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
https://github.com/EthanKim88/ethan-cve-disclosur…
https://github.com/github/advisory-database/pull/6991
https://github.com/ajv-validator/ajv/pull/2588
https://github.com/ajv-validator/ajv/releases/tag…
https://github.com/ajv-validator/ajv/pull/2590
https://access.redhat.com/security/cve/CVE-2025-69873	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2439070	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:33371	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13512	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6277	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:16874	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6309	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9742	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6802	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5807	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15091	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14774	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5910	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5907	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10093	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6192	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7314	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6568	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6497	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6567	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5168	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26214	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26211	vendor-advisoryx_refsource_REDHAT

Impacted products

65 products

Vendor	Product	Version
ajv.js	ajv	Affected: 0 , < 6.14.0 (semver) Affected: 7.0.0 , < 8.17.2 (semver)
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
Red Hat	Network Observability (NETOBSERV) 1.11.2	cpe:/a:redhat:network_observ_optr:1.11::el9
Red Hat	Red Hat Ansible Automation Platform 2.6	cpe:/a:redhat:ansible_automation_platform:2.6::el9
Red Hat	Red Hat Developer Hub 1.8	cpe:/a:redhat:rhdh:1.8::el9
Red Hat	Red Hat Developer Hub 1.9	cpe:/a:redhat:rhdh:1.9::el9
Red Hat	Red Hat OpenShift AI 2.16	cpe:/a:redhat:openshift_ai:2.16::el8
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat OpenShift Dev Spaces 3.27	cpe:/a:redhat:openshift_devspaces:3.27::el9
Red Hat	Red Hat Quay 3.14	cpe:/a:redhat:quay:3.14::el8
Red Hat	Red Hat Quay 3.15	cpe:/a:redhat:quay:3.15::el8
Red Hat	Red Hat Quay 3.16	cpe:/a:redhat:quay:3.16::el9
Red Hat	Red Hat Quay 3.9	cpe:/a:redhat:quay:3.9::el8
Red Hat	Red Hat Satellite 6.18	cpe:/a:redhat:satellite:6.18::el9
Red Hat	Confidential Compute Attestation	cpe:/a:redhat:confidential_compute_attestation:1
Red Hat	Logging Subsystem for Red Hat OpenShift	cpe:/a:redhat:logging:5
Red Hat	Node HealthCheck Operator	cpe:/a:redhat:workload_availability_nhc:0
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	Red Hat 3scale API Management Platform 2	cpe:/a:redhat:red_hat_3scale_amp:2
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat build of Apicurio Registry 2	cpe:/a:redhat:service_registry:2
Red Hat	Red Hat Connectivity Link 1	cpe:/a:redhat:connectivity_link:1
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Edge Manager 1	cpe:/a:redhat:edge_manager:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	cpe:/a:redhat:enterprise_linux_ai:3
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Openshift Data Foundation 4	cpe:/a:redhat:openshift_data_foundation:4
Red Hat	Red Hat OpenShift Dev Spaces	cpe:/a:redhat:openshift_devspaces:3
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7
Red Hat	streams for Apache Kafka 3	cpe:/a:redhat:amq_streams:3
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 10	cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
Red Hat	Cryostat 4	cpe:/a:redhat:cryostat:4
Red Hat	Gatekeeper 3	cpe:/a:redhat:gatekeeper:3
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Network Observability Operator	cpe:/a:redhat:network_observ_optr:1
Red Hat	OpenShift Service Mesh 2	cpe:/a:redhat:service_mesh:2
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7
Red Hat	Red Hat build of Apache Camel - HawtIO 4	cpe:/a:redhat:apache_camel_hawtio:4
Red Hat	Red Hat build of OptaPlanner 8	cpe:/a:redhat:optaplanner:::el6
Red Hat	Red Hat Directory Server 11	cpe:/a:redhat:directory_server:11
Red Hat	Red Hat Directory Server 12	cpe:/a:redhat:directory_server:12
Red Hat	Red Hat Directory Server 13	cpe:/a:redhat:directory_server:13
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	streams for Apache Kafka 2	cpe:/a:redhat:amq_streams:2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-69873",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T15:13:03.482882Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T17:25:31.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1.11::el9"
            ],
            "defaultStatus": "affected",
            "product": "Network Observability (NETOBSERV) 1.11.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.16::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3.27::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces 3.27",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.14::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.15::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:confidential_compute_attestation:1"
            ],
            "defaultStatus": "affected",
            "product": "Confidential Compute Attestation",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:logging:5"
            ],
            "defaultStatus": "affected",
            "product": "Logging Subsystem for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_nhc:0"
            ],
            "defaultStatus": "affected",
            "product": "Node HealthCheck Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_registry:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat build of Apicurio Registry 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:connectivity_link:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Connectivity Link 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_data_grid:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Data Grid 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:edge_manager:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Edge Manager 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_ai:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_fuse:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Fuse 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_single_sign_on:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Single Sign-On 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_streams:3"
            ],
            "defaultStatus": "affected",
            "product": "streams for Apache Kafka 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Cryostat 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:gatekeeper:3"
            ],
            "defaultStatus": "unaffected",
            "product": "Gatekeeper 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine"
            ],
            "defaultStatus": "unaffected",
            "product": "Multicluster Engine for Kubernetes",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Network Observability Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Advanced Cluster Security 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_broker:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat AMQ Broker 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:apache_camel_hawtio:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat build of Apache Camel - HawtIO 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:optaplanner:::el6"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat build of OptaPlanner 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:11"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 11",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:12"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:13"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jbosseapxp"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Process Automation 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Satellite 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_streams:2"
            ],
            "defaultStatus": "unaffected",
            "product": "streams for Apache Kafka 2",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-02-11T00:00:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:15:35.561Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-69873"
          },
          {
            "name": "RHBZ#2439070",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33371"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13512"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6277"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:16874"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6309"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9742"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6802"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5807"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15091"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14774"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5910"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5907"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10093"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6192"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7314"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6568"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6497"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6567"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5168"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26214"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26211"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5910: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7314: Red Hat Quay 3.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6568: Red Hat Quay 3.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6497: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6567: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5168: Red Hat Quay 3.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26214: Red Hat Satellite 6.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26211: Red Hat Satellite 6.18"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-11T19:01:32.953Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-02-11T00:00:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "ajv: ReDoS via $data reference",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ajv",
          "vendor": "ajv.js",
          "versions": [
            {
              "lessThan": "6.14.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.17.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.17.2",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-02T20:22:25.698Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
        },
        {
          "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
        },
        {
          "url": "https://github.com/github/advisory-database/pull/6991"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/pull/2588"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/pull/2590"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-69873",
    "datePublished": "2026-02-11T00:00:00.000Z",
    "dateReserved": "2026-01-09T00:00:00.000Z",
    "dateUpdated": "2026-06-30T03:15:35.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9784 (GCVE-0-2025-9784)

Vulnerability from cvelistv5 – Published: 2025-09-02 13:37 – Updated: 2026-06-30 02:46

Title

Undertow: undertow madeyoureset http/2 ddos vulnerability

Summary

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling
CWE-404 - Improper Resource Shutdown or Release

Assigner

redhat

References

20 references

URL	Tags
https://access.redhat.com/errata/RHSA-2025:23143	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0383	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0384	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0386	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33371	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33372	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3889	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3891	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4915	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4916	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4917	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4924	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9784	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392306	issue-trackingx_refsource_REDHAT
https://github.com/undertow-io/undertow/pull/1778
https://github.com/undertow-io/undertow/releases/…
https://issues.redhat.com/browse/UNDERTOW-2598
https://kb.cert.org/vuls/id/767506
https://www.kb.cert.org/vuls/id/767506

Impacted products

60 products

Vendor	Product	Version
		Affected: 0 , < 2.2.38.Final (semver)
Red Hat	Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8	cpe:/a:redhat:apache_camel_spring_boot:4.14
Red Hat	Red Hat JBoss Enterprise Application Platform	Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7	Unaffected: 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.0.41-8.SP9_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7	Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7	Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8	Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8	Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9	Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9	Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8	Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9	Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red Hat	Red Hat build of Apache Camel - HawtIO 4	cpe:/a:redhat:apache_camel_hawtio:4
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Date Public

2025-09-01 06:21

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T13:55:22.694531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-404",
                "description": "CWE-404 Improper Resource Shutdown or Release",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-19T15:07:25.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:07:57.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/767506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/undertow-io/undertow/",
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "versions": [
            {
              "lessThan": "2.2.38.Final",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:4.14"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "affected",
          "packageName": "io.undertow/undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.2.39.Final-redhat-00001",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.83.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-guava-libraries",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jaxb",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.6-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-3.redhat_00009.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.83.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-guava-libraries",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jaxb",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.6-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-3.redhat_00009.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.10-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.82.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eventstream",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-3.redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-clustering",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-javadocs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.10-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-bouncycastle",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.82.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eventstream",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-3.redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-clustering",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-javadocs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_hawtio:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat build of Apache Camel - HawtIO 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "moditect",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "pki-core:10.6/resteasy",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "pki-deps:10.6/resteasy",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "resteasy",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.jberet-jberet-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.jboss.eap-jboss-eap-xp",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "org.jboss.eap-jboss-eap-xp",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow-core",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-09-01T06:21:54.614Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T02:46:43.628Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:23143",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23143"
        },
        {
          "name": "RHSA-2026:0383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0383"
        },
        {
          "name": "RHSA-2026:0384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0384"
        },
        {
          "name": "RHSA-2026:0386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0386"
        },
        {
          "name": "RHSA-2026:33371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:33371"
        },
        {
          "name": "RHSA-2026:33372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:33372"
        },
        {
          "name": "RHSA-2026:3889",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3889"
        },
        {
          "name": "RHSA-2026:3891",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3891"
        },
        {
          "name": "RHSA-2026:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3892"
        },
        {
          "name": "RHSA-2026:4915",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4915"
        },
        {
          "name": "RHSA-2026:4916",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4916"
        },
        {
          "name": "RHSA-2026:4917",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4917"
        },
        {
          "name": "RHSA-2026:4924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4924"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
        },
        {
          "name": "RHBZ#2392306",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
        },
        {
          "url": "https://github.com/undertow-io/undertow/pull/1778"
        },
        {
          "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
        },
        {
          "url": "https://issues.redhat.com/browse/UNDERTOW-2598"
        },
        {
          "url": "https://kb.cert.org/vuls/id/767506"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-01T06:19:20.938Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-01T06:21:54.614Z",
          "value": "Made public."
        }
      ],
      "title": "Undertow: undertow madeyoureset http/2 ddos vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9784",
    "datePublished": "2025-09-02T13:37:59.772Z",
    "dateReserved": "2025-09-01T06:33:05.239Z",
    "dateUpdated": "2026-06-30T02:46:43.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1002 (GCVE-0-2026-1002)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:50 – Updated: 2026-01-15 21:09

Title

Eclipse Vert.x Web static handler file access denial

Summary

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web): https://github.com/eclipse-vertx/vert.x/pull/5895 Steps to reproduce Given a file served by the static handler, craft an URI that introduces a string like bar%2F..%2F after the last / char to deny the access to the URI with an HTTP 404 response. For example https://example.com/foo/index.html can be denied with https://example.com/foo/bar%2F..%2Findex.html Mitgation Disabling Static Handler cache fixes the issue. StaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-444

Assigner

eclipse

References

2 references

URL	Tags
https://github.com/eclipse-vertx/vert.x/pull/5895	patch
https://github.com/vert-x3/vertx-web/issues/2836	exploit

Impacted products

1 product

Vendor	Product	Version
Eclipse Vert.x	Eclipse Vert.x	Affected: 4.0.0 , ≤ 4.5.23 (semver) Affected: 5.0.0 , ≤ 5.0.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1002",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:07:25.597990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:09:22.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/vert-x3/vertx-web/issues/2836"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "io.vertx",
          "product": "Eclipse Vert.x",
          "repo": "https://github.com/eclipse-vertx/vert.x",
          "vendor": "Eclipse Vert.x",
          "versions": [
            {
              "lessThanOrEqual": "4.5.23",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.6",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI.\u003c/p\u003e\n\u003cp\u003eThe issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web): \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/eclipse-vertx/vert.x/pull/5895\"\u003ehttps://github.com/eclipse-vertx/vert.x/pull/5895\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e\n\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003c/h2\u003e\u003ch2\u003eSteps to reproduce\u003c/h2\u003e\n\u003cp\u003eGiven a file served by the static handler, craft an URI that introduces a string like \u003ccode\u003ebar%2F..%2F\u003c/code\u003e after the last \u003ccode\u003e/\u003c/code\u003e char to deny the access to the URI with an HTTP 404 response. For example \u003ccode\u003ehttps://example.com/foo/index.html\u003c/code\u003e can be denied with \u003ccode\u003ehttps://example.com/foo/bar%2F..%2Findex.html\u003c/code\u003e\u003c/p\u003e\u003ch2\u003eMitgation\u003c/h2\u003e\n\u003cp\u003eDisabling Static Handler cache fixes the issue.\u003c/p\u003e\n\u003cdiv\u003e\n\u003cpre\u003e\u003ccode\u003eStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI.\n\n\nThe issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web):  https://github.com/eclipse-vertx/vert.x/pull/5895 \n\n\n\nSteps to reproduce\nGiven a file served by the static handler, craft an URI that introduces a string like bar%2F..%2F after the last / char to deny the access to the URI with an HTTP 404 response. For example https://example.com/foo/index.html can be denied with https://example.com/foo/bar%2F..%2Findex.html\n\nMitgation\nDisabling Static Handler cache fixes the issue.\n\n\n\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:50:25.642Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse Vert.x Web static handler file access denial",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2026-1002",
    "datePublished": "2026-01-15T20:50:25.642Z",
    "dateReserved": "2026-01-15T18:23:48.276Z",
    "dateUpdated": "2026-01-15T21:09:22.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:33371

CVE-2024-29371 (GCVE-0-2024-29371)

CVE-2025-12543 (GCVE-0-2025-12543)

CVE-2025-13465 (GCVE-0-2025-13465)

CVE-2025-15284 (GCVE-0-2025-15284)

CVE-2025-23184 (GCVE-0-2025-23184)

CVE-2025-23368 (GCVE-0-2025-23368)

CVE-2025-66412 (GCVE-0-2025-66412)

CVE-2025-69873 (GCVE-0-2025-69873)

CVE-2025-9784 (GCVE-0-2025-9784)

CVE-2026-1002 (GCVE-0-2026-1002)

Tags

Sightings

Nomenclature