Threat Intelligence Database

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is an update for Red Hat JBoss Enterprise Application Platform 8.1. See Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions [eap-8.1.z] (CVE-2025-58056) * netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions [eap-8.1.z] (CVE-2025-58056) * cxf: CXF JMS Code Execution Vulnerability [eap-8.1.z] (CVE-2025-48913) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is an update for Red Hat JBoss Enterprise Application Platform 8.0. See Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163) * netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions [eap-8.0.z] (CVE-2025-58056) * cxf: CXF JMS Code Execution Vulnerability (CVE-2025-48913) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.16 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * UNDERTOW-2429 undertow: Improper State Management in Proxy Protocol parsing causes information leakage [eap-7.3.z] (CVE-2024-7885) * jackson-core: jackson-core Potential StackoverflowError [eap-7.3.z] (CVE-2025-52999) * netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability [eap-7.3.z] (CVE-2025-55163) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.