Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS) via the LearningPushHandler, timing attacks on BouncyCastle cryptographic library, infinite loops causing DoS in cryptographic verification, and HTTP/2 CONTINUATION frame DoS. These issues affect components like undertow, BouncyCastle, netty-codec-http, and httpd within the platform. The update replaces version 7. 4. 17 and provides important security improvements to mitigate these vulnerabilities.
AI Analysis
Technical Summary
This security advisory for Red Hat JBoss Enterprise Application Platform 7.4.18 addresses several vulnerabilities including CVE-2024-3653 where the undertow component's LearningPushHandler can cause remote memory DoS attacks, CVE-2024-5971 involving response write hangs in TLSv1.3 NewSessionTicket handling on Java 17, timing variant Bleichenbacher attacks on BouncyCastle (CVE-2024-30171), denial of service via crafted EC certificate parameters (CVE-2024-29857), resource allocation without limits in netty-codec-http (CVE-2024-29025), infinite loops in ED25519 verification (CVE-2024-30172), and HTTP/2 CONTINUATION frame DoS (CVE-2024-27316). The advisory replaces the previous 7.4.17 release and includes upgrades to multiple components to fix these issues.
Potential Impact
The vulnerabilities fixed in this update can lead to denial of service conditions including remote memory exhaustion and infinite loops causing service hangs or crashes. Timing attacks on cryptographic operations may expose sensitive information. Resource allocation without proper limits can degrade service availability. These impacts affect the stability and security of applications running on Red Hat JBoss Enterprise Application Platform 7.4 prior to this update.
Mitigation Recommendations
An official security update is available in Red Hat JBoss Enterprise Application Platform 7.4.18, which addresses all listed vulnerabilities. Users should apply this update after ensuring all prior errata are applied and backing up their systems. The vendor advisory provides detailed instructions for applying the update. No additional mitigations are required beyond applying this official fix.
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
Description
Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS) via the LearningPushHandler, timing attacks on BouncyCastle cryptographic library, infinite loops causing DoS in cryptographic verification, and HTTP/2 CONTINUATION frame DoS. These issues affect components like undertow, BouncyCastle, netty-codec-http, and httpd within the platform. The update replaces version 7. 4. 17 and provides important security improvements to mitigate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This security advisory for Red Hat JBoss Enterprise Application Platform 7.4.18 addresses several vulnerabilities including CVE-2024-3653 where the undertow component's LearningPushHandler can cause remote memory DoS attacks, CVE-2024-5971 involving response write hangs in TLSv1.3 NewSessionTicket handling on Java 17, timing variant Bleichenbacher attacks on BouncyCastle (CVE-2024-30171), denial of service via crafted EC certificate parameters (CVE-2024-29857), resource allocation without limits in netty-codec-http (CVE-2024-29025), infinite loops in ED25519 verification (CVE-2024-30172), and HTTP/2 CONTINUATION frame DoS (CVE-2024-27316). The advisory replaces the previous 7.4.17 release and includes upgrades to multiple components to fix these issues.
Potential Impact
The vulnerabilities fixed in this update can lead to denial of service conditions including remote memory exhaustion and infinite loops causing service hangs or crashes. Timing attacks on cryptographic operations may expose sensitive information. Resource allocation without proper limits can degrade service availability. These impacts affect the stability and security of applications running on Red Hat JBoss Enterprise Application Platform 7.4 prior to this update.
Mitigation Recommendations
An official security update is available in Red Hat JBoss Enterprise Application Platform 7.4.18, which addresses all listed vulnerabilities. Users should apply this update after ensuring all prior errata are applied and backing up their systems. The vendor advisory provides detailed instructions for applying the update. No additional mitigations are required beyond applying this official fix.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:5145
- Cve Count
- 7
- Additional Cves
- ["CVE-2024-5971","CVE-2024-27316","CVE-2024-29025","CVE-2024-29857","CVE-2024-30171","CVE-2024-30172"]
- Cvss Version
- null
Threat ID: 6a1df669e29bf47b5046249b
Added to database: 6/1/2026, 9:15:21 PM
Last enriched: 6/1/2026, 9:25:02 PM
Last updated: 6/2/2026, 12:44:47 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.