Red Hat Jboss Core Services
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Jboss Core Services.
Recent Red Hat Jboss Core Services Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:27200 | (RHSA-2026:27200) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update | June 22, 2026 |
| RHSA-2026:27201 | (RHSA-2026:27201) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update | June 22, 2026 |
| RHSA-2026:2995 | (RHSA-2026:2995) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update | February 23, 2026 |
| RHSA-2026:2994 | (RHSA-2026:2994) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update | February 23, 2026 |
| RHSA-2025:19020 | (RHSA-2025:19020) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP2 security update | October 27, 2025 |
| RHSA-2025:13681 | (RHSA-2025:13681) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update | August 14, 2025 |
| RHSA-2025:13680 | (RHSA-2025:13680) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update | August 14, 2025 |
| RHSA-2025:3453 | (RHSA-2025:3453) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 security update | April 2, 2025 |
| RHSA-2024:6928 | (RHSA-2024:6928) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update | September 24, 2024 |
| RHSA-2024:6927 | (RHSA-2024:6927) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update | September 24, 2024 |
By the Year
In 2026 there have been 15 vulnerabilities in Red Hat Jboss Core Services with an average score of 6.9 out of ten. Last year, in 2025 Jboss Core Services had 8 security vulnerabilities published. That is, 7 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.08
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 15 | 6.86 |
| 2025 | 8 | 6.94 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 6.45 |
| 2022 | 0 | 0.00 |
| 2021 | 7 | 7.51 |
| 2020 | 0 | 0.00 |
| 2019 | 8 | 7.80 |
| 2018 | 2 | 7.50 |
It may take a day or so for new Jboss Core Services vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Core Services Security Vulnerabilities
Apache HTTP Server mod_http DoS via Excessive Memory Allocation (2.4.17-2.4.67)
CVE-2026-49975
7.5 - High
- June 08, 2026
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
Stack Exhaustion
Denial of Service via Attribute Name Collision in libexpat < 2.8.1
CVE-2026-45186
7.5 - High
- May 10, 2026
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Inefficient Algorithmic Complexity
Apache HTTP Server 2.4.66 mod_proxy_ajp Heap Buffer Overflow (CVE-2026-28780)
CVE-2026-28780
8.1 - High
- May 05, 2026
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Heap-based Buffer Overflow
Apache HTTP Server 2.4.66 Double Free via HTTP/2 (possible RCE)
CVE-2026-23918
8.8 - High
- May 04, 2026
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Double-free
libxml2 XSD Internal Entity Type-Confusion DoS
CVE-2026-6732
6.5 - Medium
- April 23, 2026
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.
Object Type Confusion
Apache HttpClient 5.6 Auth Bypass SCRAM-SHA-256 (CVE-2026-40542)
CVE-2026-40542
7.3 - High
- April 22, 2026
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.
Missing Critical Step in Authentication
Directory Traversal CVE-2025-67030 in Plexus-Utils Expand
CVE-2025-67030
8.3 - High
- March 25, 2026
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
Directory traversal
nghttp21.68.1: assertion fail via FRAME_SIZE_ERROR after session termination
CVE-2026-27135
7.5 - High
- March 18, 2026
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
assertion failure
Apache mod_proxy_cluster CRLF Injection (CVE-2026-3234)
CVE-2026-3234
4.3 - Medium
- March 12, 2026
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
CRLF Injection
Memory Leak in libxml2 xmllint Shell Leads to Local DoS
CVE-2026-1757
6.2 - Medium
- February 02, 2026
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
Memory Leak
OpenSSL 3.x CMS AuthEnvelopedData AEAD IV stack overflow (v3.6+)
CVE-2025-15467
9.8 - Critical
- January 27, 2026
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Memory Corruption
libxml2 XML Catalog DoS via Repeated <nextCatalog> Recursion
CVE-2026-0992
2.9 - Low
- January 15, 2026
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.
Resource Exhaustion
Denial-of-Service via Unbounded <include> Recursion in libxml2 RelaxNG Parser
CVE-2026-0989
3.7 - Low
- January 15, 2026
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Stack Exhaustion
libxml2 Uncontrolled Recursion in xmlCatalogXMLResolveURI Causing DoS
CVE-2026-0990
5.9 - Medium
- January 15, 2026
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.
Stack Exhaustion
zlib untgz Global Buffer Overflow pre1.3.1.2
CVE-2026-22184
8.6 - High
- January 07, 2026
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
Memory Corruption
libxml2 xmlSetTreeDoc UAF via stale ns pointer
CVE-2025-12863
- November 07, 2025
Memory Corruption in libxml2 via sch:name -> DoS
CVE-2025-49796
9.1 - Critical
- June 16, 2025
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Out-of-bounds Read
libxml2 NULL ptr deref via XPath causes DoS
CVE-2025-49795
7.5 - High
- June 16, 2025
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
Dangling pointer
UAF in libxml2 XPath Parsing via sch:name Path (CVE-2025-49794)
CVE-2025-49794
9.1 - Critical
- June 16, 2025
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Dangling pointer
xmllint CLI Buffer Overflow via Oversized Input in Interactive Shell
CVE-2025-6170
2.5 - Low
- June 16, 2025
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
Stack Overflow
Stack Overflow in libxml2 xmlBuildQName (CVE-2025-6021)
CVE-2025-6021
7.5 - High
- June 12, 2025
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Memory Corruption
Apache HTTP Server mod_proxy_cluster <Directory> misconfig allows MCMP hijack
CVE-2024-10306
5.4 - Medium
- April 23, 2025
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.
AuthZ
DoS via Stack Overflow in libexpat Recursive Entity Expansion
CVE-2024-8176
7.5 - High
- March 14, 2025
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Stack Exhaustion
Apache HTTP Server mod_proxy_cluster XSS via URL alias param
CVE-2023-6710
5.4 - Medium
- December 12, 2023
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
XSS
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
A flaw was found in libxml2
CVE-2021-3541
6.5 - Medium
- July 09, 2021
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
XEE
There's a flaw in libxml2's xmllint in versions before 2.9.11
CVE-2021-3516
7.8 - High
- June 01, 2021
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Dangling pointer
A flaw was found in OpenLDAP in versions before 2.4.56
CVE-2020-25710
7.5 - High
- May 28, 2021
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
assertion failure
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11
CVE-2021-3517
8.6 - High
- May 19, 2021
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Memory Corruption
A flaw was found in OpenLDAP
CVE-2020-25709
7.5 - High
- May 18, 2021
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAPs slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
assertion failure
There's a flaw in libxml2 in versions before 2.9.11
CVE-2021-3518
8.8 - High
- May 18, 2021
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Dangling pointer
A vulnerability found in libxml2 in versions before 2.9.11 shows
CVE-2021-3537
5.9 - Medium
- May 14, 2021
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
NULL Pointer Dereference
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation
CVE-2019-9511
- August 13, 2019
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Resource Exhaustion
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service
CVE-2019-9517
- August 13, 2019
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Resource Exhaustion
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
CVE-2019-9518
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Resource Exhaustion
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service
CVE-2019-9516
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
Resource Exhaustion
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
CVE-2019-9513
- August 13, 2019
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Resource Exhaustion
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service
CVE-2019-9515
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Resource Exhaustion
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
CVE-2019-9514
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
Resource Exhaustion
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38
CVE-2019-0211
7.8 - High
- April 08, 2019
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Dangling pointer
The Apache Web Server (httpd) specific code
CVE-2018-11759
7.5 - High
- October 31, 2018
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
Directory traversal
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode
CVE-2016-9596
- August 16, 2018
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications
CVE-2017-12613
- October 24, 2017
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode
CVE-2016-3627
7.5 - High
- May 17, 2016
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
Stack Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Jboss Core Services or by Red Hat? Click the Watch button to subscribe.