Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.13 on RHEL 7 security update
Red Hat JBoss Enterprise Application Platform 7. 1. 13 for RHEL 7 includes security fixes for two vulnerabilities: a potential StackoverflowError in jackson-core (CVE-2025-52999) and an HTTP/2 DDoS vulnerability in netty-codec-http2 (CVE-2025-55163). This update replaces version 7. 1. 12 and addresses these critical security issues. Users should apply this update after ensuring all prior errata are installed and backing up their systems.
AI Analysis
Technical Summary
This advisory addresses two security vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.1.13 on RHEL 7. The first vulnerability (CVE-2025-52999) involves a potential StackoverflowError in the jackson-core library, which could cause application instability or crashes. The second vulnerability (CVE-2025-55163) is an HTTP/2 Denial of Service (DDoS) vulnerability in the netty-codec-http2 component, known as the 'MadeYouReset' vulnerability, which could be exploited to disrupt service availability. The update to version 7.1.13 includes patches for these issues, upgrading undertow and wildfly-core components as part of the fix. The Red Hat advisory rates the update as important, with the overall severity assessed as critical in this context.
Potential Impact
Exploitation of CVE-2025-52999 could lead to application crashes due to stack overflow errors in jackson-core, potentially affecting application stability. CVE-2025-55163 could allow attackers to perform HTTP/2-based denial-of-service attacks, impacting service availability. Both vulnerabilities pose significant risks to the reliability and availability of applications running on the affected platform.
Mitigation Recommendations
A security update to Red Hat JBoss Enterprise Application Platform 7.1.13 is available and should be applied to remediate these vulnerabilities. Before applying the update, ensure all previously released errata relevant to the system are installed and back up all applications, configuration files, and databases. Follow Red Hat's official guidance for applying the update as detailed in their advisory (RHSA-2026:0742). No additional mitigation actions are specified beyond applying this update.
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.13 on RHEL 7 security update
Description
Red Hat JBoss Enterprise Application Platform 7. 1. 13 for RHEL 7 includes security fixes for two vulnerabilities: a potential StackoverflowError in jackson-core (CVE-2025-52999) and an HTTP/2 DDoS vulnerability in netty-codec-http2 (CVE-2025-55163). This update replaces version 7. 1. 12 and addresses these critical security issues. Users should apply this update after ensuring all prior errata are installed and backing up their systems.
Affected software
pkg:maven/org.jboss.eap/jboss-enterprise-application-platformAI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory addresses two security vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.1.13 on RHEL 7. The first vulnerability (CVE-2025-52999) involves a potential StackoverflowError in the jackson-core library, which could cause application instability or crashes. The second vulnerability (CVE-2025-55163) is an HTTP/2 Denial of Service (DDoS) vulnerability in the netty-codec-http2 component, known as the 'MadeYouReset' vulnerability, which could be exploited to disrupt service availability. The update to version 7.1.13 includes patches for these issues, upgrading undertow and wildfly-core components as part of the fix. The Red Hat advisory rates the update as important, with the overall severity assessed as critical in this context.
Potential Impact
Exploitation of CVE-2025-52999 could lead to application crashes due to stack overflow errors in jackson-core, potentially affecting application stability. CVE-2025-55163 could allow attackers to perform HTTP/2-based denial-of-service attacks, impacting service availability. Both vulnerabilities pose significant risks to the reliability and availability of applications running on the affected platform.
Mitigation Recommendations
A security update to Red Hat JBoss Enterprise Application Platform 7.1.13 is available and should be applied to remediate these vulnerabilities. Before applying the update, ensure all previously released errata relevant to the system are installed and back up all applications, configuration files, and databases. Follow Red Hat's official guidance for applying the update as detailed in their advisory (RHSA-2026:0742). No additional mitigation actions are specified beyond applying this update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:0742
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-55163"]
- Cvss Version
- null
Threat ID: 6a294d718dd33fbd853ab55e
Added to database: 6/10/2026, 11:41:37 AM
Last enriched: 6/10/2026, 11:58:04 AM
Last updated: 6/10/2026, 2:17:57 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.