Issued:: 2026-03-30
Updated:: 2026-03-30

RHSA-2026:6011 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: Red Hat JBoss Enterprise Application Platform 7.3.17 security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection (CVE-2026-0603)
org.eclipse.jgit: XXE vulnerability in Eclipse JGit (CVE-2025-4949)
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded (CVE-2024-3884)
cxf: CXF JMS Code Execution Vulnerability (CVE-2025-48913)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

JBoss Enterprise Application Platform 7.3 EUS 7.3 x86_64

Fixes

BZ - 2275287 - CVE-2024-3884 undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
BZ - 2367730 - CVE-2025-4949 org.eclipse.jgit: XXE vulnerability in Eclipse JGit
BZ - 2387221 - CVE-2025-48913 org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
BZ - 2427147 - CVE-2026-0603 org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
JBEAP-31431 - Tracker bug for the EAP 7.3.17 release for RHEL-7

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.3 EUS 7.3

SRPM
eap7-apache-cxf-3.4.10-3.SP2_redhat_00003.1.el7eap.src.rpm	SHA-256: e48d97db4354062a9456355b7a638010ae3b9f99d5c5ac25d17843ca456b9ab4
eap7-eclipse-jgit-5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src.rpm	SHA-256: ab4db5517c2b827176d933cbfd2ac7801a074f47a372b55ef7e49e4dd29c4699
eap7-hibernate-5.3.38-1.Final_redhat_00001.1.el7eap.src.rpm	SHA-256: 77937b61e2c41b22def86e8b62c17437dc937d1d73fb42b5d9b972ded91357cd
eap7-jboss-server-migration-1.7.2-21.Final_redhat_00023.1.el7eap.src.rpm	SHA-256: 157eeb6a400b3fcf5630a96c5fbaca3f21bae7417c12fa694ed10a358b28f8b9
eap7-jbossws-cxf-5.3.0-2.SP1_redhat_00002.1.el7eap.src.rpm	SHA-256: 4016fca2c9119b8757c766300153f1f20f5aa2416171308c11cdd43ceef58ab4
eap7-undertow-2.0.41-7.SP8_redhat_00001.1.el7eap.src.rpm	SHA-256: 67fb75261c78ae6fc5f95c7322a0fa83bea3058abc59593151eeef58b5a8e372
eap7-wildfly-7.3.17-5.GA_redhat_00006.1.el7eap.src.rpm	SHA-256: 5dc50de188e98622f8214b82dd718b824330df43cd84f192d9c0487bbb88dec6
x86_64
eap7-apache-cxf-3.4.10-3.SP2_redhat_00003.1.el7eap.noarch.rpm	SHA-256: 207e23313e3ddb1ba8170379a8e3a26b3dbfcc5a52cbef0b2322d246534a4d1d
eap7-apache-cxf-rt-3.4.10-3.SP2_redhat_00003.1.el7eap.noarch.rpm	SHA-256: 7000c486ed017e1da697f55ec0c795d2a1ba191d8f1c2351d9ad9f9341f08259
eap7-apache-cxf-services-3.4.10-3.SP2_redhat_00003.1.el7eap.noarch.rpm	SHA-256: ab961672b3f02fcc21e35a5baf5d9d57be1ffee01073adcabd8a6366990ae3af
eap7-apache-cxf-tools-3.4.10-3.SP2_redhat_00003.1.el7eap.noarch.rpm	SHA-256: fdcbc6e69ada6593a2addfc3171f7acc234c48e6cf86a8b8eeba08336ececf61
eap7-eclipse-jgit-5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 518b5a6b9fbf06426e002c51f7f9388fc71b2503d2a9d00931039539d0bf3355
eap7-hibernate-5.3.38-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: c26894378063416aa8099c64be2e08bc943cf8aae64be71cd7bea8d5729ff76d
eap7-hibernate-core-5.3.38-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 54e4f2b096a0109e10c1c46b73923595793de610f797269190ad5d9eed4eb57c
eap7-hibernate-entitymanager-5.3.38-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: e297d8b52de24505e6e45898179a5a3160ffecbd90de9fc8e7cc98ff1da8c2d9
eap7-hibernate-envers-5.3.38-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 03266a103e59b5afde5efe4a980618ef60e5234adb8c8d8f3a03a70629f78e88
eap7-hibernate-java8-5.3.38-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 5c7ab3602e93ac163dcaff71bfeb1f41fa792454e66aa0b67b93f92226ac640b
eap7-jboss-server-migration-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: e4e8cc3c6ee752a1c48f8c88dbd65eb4d02c5c592dc22e5512502a872e5edf45
eap7-jboss-server-migration-cli-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 5e1120b7c3eb373c2df766f30117b97576ffae59674693e9a9f97d9ccdaabc9d
eap7-jboss-server-migration-core-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 78ec7ce78120d45d5799acb5b76ad4997ac3d7732137866216b89f117ace580d
eap7-jboss-server-migration-eap6.4-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: b0cec05d7a697c2e2fcf500843a7eb54c5eec7f03df3d2908b64ba0274521a0d
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: e0292cda2292c01e15439c7d37faf6eb3965b91403d1411973bccdecc75afaaf
eap7-jboss-server-migration-eap7.0-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: f9f3217fb4a7de2d21660ae8857b0237350437fd04d6a6c735188bafd40271c4
eap7-jboss-server-migration-eap7.1-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: cc80ccc7ecc80baaec1606c1c3bc7cb7b5b231dfa67ec848e4d16ea0f14ae3e2
eap7-jboss-server-migration-eap7.2-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 7c216377c7d1c174692ff1ee9aa219cf21cebba28e35203fdb9cdf945f02b663
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 2a5a6c3987ecfb72ef576c4571560461abab71ff12b0ea3d06c92ff8bb5f271e
eap7-jboss-server-migration-eap7.3-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 2f26200d39b496972cc8a7fb7b450f0de3215e2069666540af9fb5cb9d9794d7
eap7-jboss-server-migration-wildfly10.0-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 6e3c1ad5967872f2ebf4a8e3eea8c86122c04eef683b96e314d90fe37f96a708
eap7-jboss-server-migration-wildfly10.1-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: ddef592377837e2012d7b71a19bf0b29ef74d3a51ef2b1f51caa3afae2c80299
eap7-jboss-server-migration-wildfly11.0-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: e162f6b20b09b840955cfcdefa621441c8d8954cbc6864135b700e8d0fb7a2d2
eap7-jboss-server-migration-wildfly12.0-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 7f0a4dec28ea6cb220a00c4313fb17f2cd62b023a642063e9328dc1544026331
eap7-jboss-server-migration-wildfly13.0-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: db63ab3b483eb45970214dd92848e08b29200b37d2345b2293ec276b5234b75d
eap7-jboss-server-migration-wildfly14.0-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 6a0dd556c662625775d81673600a6565cd89fc88cf3fbdfc1b10101f10d34a06
eap7-jboss-server-migration-wildfly15.0-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 7b581955b1c35001b19401bcf0dd1cd1b60cfd99627cd633d8707c23d45d4f02
eap7-jboss-server-migration-wildfly16.0-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 9aef2ec5e2b641cca85574962fd3ca5a00326e63d84a4658526cc0f4532c02d2
eap7-jboss-server-migration-wildfly17.0-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 8111f1a5357c2b9d7f745b91b0b8cc99e2a7553a49253f912ca99e752920bca7
eap7-jboss-server-migration-wildfly18.0-server-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 8574e139f020d366909c1b0b2234aaa08eacb1c02698f207ecd9ea8a00e017a5
eap7-jboss-server-migration-wildfly8.2-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 35b2147ef000d994d5b3a375ffe582362620f0f157c38e1a43fa7e078468996e
eap7-jboss-server-migration-wildfly9.0-1.7.2-21.Final_redhat_00023.1.el7eap.noarch.rpm	SHA-256: 99bad2bfe00d3d29eab9de5c8c1ac98a647fcd13a29456595eb3bc024d422711
eap7-jbossws-cxf-5.3.0-2.SP1_redhat_00002.1.el7eap.noarch.rpm	SHA-256: 961eef70102901800c7d7f2c98d8206b22105c906424084cfe9a84457a38d6ec
eap7-undertow-2.0.41-7.SP8_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 18b9e4daa8fb884e638811fa12b91c452bcb02420575aff058718f70f3bbebd6
eap7-wildfly-7.3.17-5.GA_redhat_00006.1.el7eap.noarch.rpm	SHA-256: 5bec9b4de064c8cdabb93a2bfabc39f89c9a21c1666a79491766c26139408a4d
eap7-wildfly-java-jdk11-7.3.17-5.GA_redhat_00006.1.el7eap.noarch.rpm	SHA-256: b3a87510c19f4d9c96a2d77cd2b4326792e9f9b2aaf41c3c938d6b7838805310
eap7-wildfly-java-jdk8-7.3.17-5.GA_redhat_00006.1.el7eap.noarch.rpm	SHA-256: b7305ef4d0bd0683f34dfb513ad68bd237de45eb63b6d8850203f9a207dc75b4
eap7-wildfly-javadocs-7.3.17-5.GA_redhat_00006.1.el7eap.noarch.rpm	SHA-256: 6f6ad21c998a5310279b2ad35a7550222dce84bbd9ff69a4e76563998eafb474
eap7-wildfly-modules-7.3.17-5.GA_redhat_00006.1.el7eap.noarch.rpm	SHA-256: 3fdfa2c758dd9319c337b0dd93e339a424c31b173bbc7bb9314f57fd5d51078e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation