{"id":"RHSA-2026:33371","summary":"Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update","modified":"2026-06-30T18:34:51.424018690Z","published":"2026-06-30T10:49:44Z","upstream":["CVE-2024-29371","CVE-2025-12543","CVE-2025-13465","CVE-2025-15284","CVE-2025-23184","CVE-2025-23368","CVE-2025-66412","CVE-2025-69873","CVE-2025-9784","CVE-2026-1002","CVE-2026-24842"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33371"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2339095"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392306"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408784"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423194"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/JBEAP-31703"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/JBEAP-33004"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33371.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-29371"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-29371"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29371"},{"type":"ARTICLE","url":"https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-9784"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-9784"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9784"},{"type":"ARTICLE","url":"https://github.com/undertow-io/undertow/pull/1778"},{"type":"ARTICLE","url":"https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/UNDERTOW-2598"},{"type":"ARTICLE","url":"https://kb.cert.org/vuls/id/767506"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-12543"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-12543"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12543"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-13465"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431740"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-13465"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13465"},{"type":"ARTICLE","url":"https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-15284"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425946"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-15284"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15284"},{"type":"ARTICLE","url":"https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"},{"type":"ARTICLE","url":"https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-23184"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-23184"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23184"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-23368"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337621"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-23368"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23368"},{"type":"ARTICLE","url":"https://www.gruppotim.it/it/footer/red-team.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-66412"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418155"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-66412"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66412"},{"type":"ARTICLE","url":"https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"},{"type":"ARTICLE","url":"https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-69873"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439070"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-69873"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69873"},{"type":"ARTICLE","url":"https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-1002"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430180"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-1002"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1002"},{"type":"ARTICLE","url":"https://github.com/eclipse-vertx/vert.x/pull/5895"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24842"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433645"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24842"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24842"},{"type":"ARTICLE","url":"https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"},{"type":"ARTICLE","url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"}],"affected":[{"package":{"name":"eap7-wildfly","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-wildfly"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.3.18-3.GA_redhat_00001.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-wildfly-java-jdk11","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-wildfly-java-jdk11"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.3.18-3.GA_redhat_00001.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-wildfly-java-jdk8","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-wildfly-java-jdk8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.3.18-3.GA_redhat_00001.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-wildfly-javadocs","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-wildfly-javadocs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.3.18-3.GA_redhat_00001.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-wildfly-modules","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-wildfly-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.3.18-3.GA_redhat_00001.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-undertow","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-undertow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.41-8.SP9_redhat_00001.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-apache-cxf","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.10-4.SP2_redhat_00004.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-apache-cxf-rt","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf-rt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.10-4.SP2_redhat_00004.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-apache-cxf-services","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf-services"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.10-4.SP2_redhat_00004.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}},{"package":{"name":"eap7-apache-cxf-tools","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.3::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.10-4.SP2_redhat_00004.1.el7eap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"}]}