{
  "schema_version": "1.7.0",
  "id": "RHSA-2026:33371",
  "related": [],
  "upstream": [
    "CVE-2024-29371",
    "CVE-2025-9784",
    "CVE-2025-12543",
    "CVE-2025-13465",
    "CVE-2025-15284",
    "CVE-2025-23184",
    "CVE-2025-23368",
    "CVE-2025-66412",
    "CVE-2025-69873",
    "CVE-2026-1002",
    "CVE-2026-24842"
  ],
  "published": "2026-06-30T10:49:44Z",
  "modified": "2026-07-01T10:19:20Z",
  "summary": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"
    }
  ],
  "affected": [
    {
      "package": {
        "name": "eap7-wildfly",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-wildfly"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:7.3.18-3.GA_redhat_00001.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-wildfly-java-jdk11",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:7.3.18-3.GA_redhat_00001.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-wildfly-java-jdk8",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:7.3.18-3.GA_redhat_00001.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-wildfly-javadocs",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:7.3.18-3.GA_redhat_00001.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-wildfly-modules",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-wildfly-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:7.3.18-3.GA_redhat_00001.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-undertow",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-undertow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:2.0.41-8.SP9_redhat_00001.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.4.10-4.SP2_redhat_00004.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf-rt",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.4.10-4.SP2_redhat_00004.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf-services",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.4.10-4.SP2_redhat_00004.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf-tools",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.3::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.4.10-4.SP2_redhat_00004.1.el7eap"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:33371"
    },
    {
      "type": "ARTICLE",
      "url": "https://access.redhat.com/security/updates/classification/#important"
    },
    {
      "type": "ARTICLE",
      "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
    },
    {
      "type": "ARTICLE",
      "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
    },
    {
      "type": "ARTICLE",
      "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/JBEAP-31703"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/JBEAP-33004"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33371.json"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-29371"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
    },
    {
      "type": "ARTICLE",
      "url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/undertow-io/undertow/pull/1778"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/UNDERTOW-2598"
    },
    {
      "type": "ARTICLE",
      "url": "https://kb.cert.org/vuls/id/767506"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
    },
    {
      "type": "ARTICLE",
      "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23368"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23368"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368"
    },
    {
      "type": "ARTICLE",
      "url": "https://www.gruppotim.it/it/footer/red-team.html"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-66412"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418155"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66412"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-69873"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1002"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-24842"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
    }
  ]
}