Bug 2413071 (CVE-2025-12799) - CVE-2025-12799 jastow: Jastow Cross-Site Scripting attack due to unsanitized URI
Summary: CVE-2025-12799 jastow: Jastow Cross-Site Scripting attack due to unsanitized URI
Keywords:
Status: NEW
Alias: CVE-2025-12799
Deadline: 2026-07-07
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-11-06 11:17 UTC by OSIDB Bzimport
Modified: 2026-07-07 18:05 UTC (History)
34 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:36342 0 None None None 2026-07-07 18:00:27 UTC
Red Hat Product Errata RHSA-2026:36343 0 None None None 2026-07-07 18:00:38 UTC
Red Hat Product Errata RHSA-2026:36344 0 None None None 2026-07-07 18:05:54 UTC
Red Hat Product Errata RHSA-2026:36345 0 None None None 2026-07-07 18:00:10 UTC

Description OSIDB Bzimport 2025-11-06 11:17:02 UTC
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.

Comment 13 errata-xmlrpc 2026-07-07 18:00:08 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1

Via RHSA-2026:36345 https://access.redhat.com/errata/RHSA-2026:36345

Comment 14 errata-xmlrpc 2026-07-07 18:00:24 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Via RHSA-2026:36342 https://access.redhat.com/errata/RHSA-2026:36342

Comment 15 errata-xmlrpc 2026-07-07 18:00:36 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Via RHSA-2026:36343 https://access.redhat.com/errata/RHSA-2026:36343

Comment 16 errata-xmlrpc 2026-07-07 18:05:51 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10

Via RHSA-2026:36344 https://access.redhat.com/errata/RHSA-2026:36344


Note You need to log in before you can comment on or make changes to this bug.