Red Hat Jboss Enterprise Application Platform Els
By the Year
In 2026 there have been 2 vulnerabilities in Red Hat Jboss Enterprise Application Platform Els with an average score of 9.0 out of ten. Last year, in 2025, Jboss Enterprise Application Platform Els had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Jboss Enterprise Application Platform Els in 2026 could surpass last year's number. In addition, the average CVE base score of the vulnerabilities in 2026 is greater by 1.45.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 8.95 |
| 2025 | 2 | 7.50 |
It may take a day or so for new Jboss Enterprise Application Platform Els vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Enterprise Application Platform Els Security Vulnerabilities
Hibernate Second-Order SQLi via InlineIdsOrClauseBuilder
CVE-2026-0603
8.3 - High
January 23, 2026
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application-level denial of service.
SQL Injection
Undertow Host Header Validation Flaw Enables Cache Poisoning
CVE-2025-12543
9.6 - Critical
January 07, 2026
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
Improper Input Validation
Undertow OOM DoS via Large application/x-www-form-urlencoded
CVE-2024-3884
7.5 - High
December 03, 2025
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
Improper Input Validation
Undertow DoS via MadeYouReset Server-Reset Abuse
CVE-2025-9784
7.5 - High
September 02, 2025
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Allocation of Resources Without Limits or Throttling