Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS), timing attacks, infinite loops, and resource allocation issues. These vulnerabilities affect components like undertow, BouncyCastle cryptographic libraries, netty-codec-http, and HTTP/2 handling. The update replaces version 7. 4. 17 and provides important security improvements. Users are advised to apply this update after ensuring all prior errata are installed and backing up their systems.
AI Analysis
Technical Summary
Red Hat JBoss Enterprise Application Platform 7.4.18 addresses several security vulnerabilities including CVE-2024-3653 where the undertow LearningPushHandler can lead to remote memory DoS attacks, CVE-2024-5971 involving response write hangs with Java 17 TLSv1.3 NewSessionTicket, CVE-2024-30171 and CVE-2024-29857 related to BouncyCastle cryptographic library issues such as timing attacks and crafted EC certificate handling causing DoS, CVE-2024-29025 concerning resource allocation without limits in netty-codec-http, CVE-2024-30172 involving an infinite loop in ED25519 verification, and CVE-2024-27316 related to HTTP/2 CONTINUATION frames DoS. The advisory recommends upgrading to version 7.4.18 which includes these fixes along with other component upgrades.
Potential Impact
The vulnerabilities fixed in this update can lead to denial of service conditions through remote memory exhaustion, infinite loops, or hangs in processing TLS or HTTP/2 frames. Additionally, cryptographic weaknesses could allow timing attacks or denial of service when processing specially crafted certificates. These issues could disrupt application availability or degrade service performance. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
A security update to Red Hat JBoss Enterprise Application Platform 7.4.18 is available and should be applied to remediate these vulnerabilities. Before applying the update, ensure all previously released errata are installed and back up all applications, configuration files, and databases. Follow Red Hat's official update procedures as detailed in their advisory and documentation. No additional mitigations are indicated beyond applying this update.
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
Description
Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS), timing attacks, infinite loops, and resource allocation issues. These vulnerabilities affect components like undertow, BouncyCastle cryptographic libraries, netty-codec-http, and HTTP/2 handling. The update replaces version 7. 4. 17 and provides important security improvements. Users are advised to apply this update after ensuring all prior errata are installed and backing up their systems.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat JBoss Enterprise Application Platform 7.4.18 addresses several security vulnerabilities including CVE-2024-3653 where the undertow LearningPushHandler can lead to remote memory DoS attacks, CVE-2024-5971 involving response write hangs with Java 17 TLSv1.3 NewSessionTicket, CVE-2024-30171 and CVE-2024-29857 related to BouncyCastle cryptographic library issues such as timing attacks and crafted EC certificate handling causing DoS, CVE-2024-29025 concerning resource allocation without limits in netty-codec-http, CVE-2024-30172 involving an infinite loop in ED25519 verification, and CVE-2024-27316 related to HTTP/2 CONTINUATION frames DoS. The advisory recommends upgrading to version 7.4.18 which includes these fixes along with other component upgrades.
Potential Impact
The vulnerabilities fixed in this update can lead to denial of service conditions through remote memory exhaustion, infinite loops, or hangs in processing TLS or HTTP/2 frames. Additionally, cryptographic weaknesses could allow timing attacks or denial of service when processing specially crafted certificates. These issues could disrupt application availability or degrade service performance. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
A security update to Red Hat JBoss Enterprise Application Platform 7.4.18 is available and should be applied to remediate these vulnerabilities. Before applying the update, ensure all previously released errata are installed and back up all applications, configuration files, and databases. Follow Red Hat's official update procedures as detailed in their advisory and documentation. No additional mitigations are indicated beyond applying this update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:5147
- Cve Count
- 7
- Additional Cves
- ["CVE-2024-5971","CVE-2024-27316","CVE-2024-29025","CVE-2024-29857","CVE-2024-30171","CVE-2024-30172"]
- Cvss Version
- null
Threat ID: 6a1df669e29bf47b5046247b
Added to database: 6/1/2026, 9:15:21 PM
Last enriched: 6/1/2026, 9:24:54 PM
Last updated: 6/2/2026, 12:37:30 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.