Timothy Walsh

**Name of the Vulnerable Software and Affected Versions** mod cluster version 1.2.9 **Description** A stack-based buffer overflow issue exists in the native/mod manager/node.c file of mod cluster. **Recommendations** For mod cluster version 1.2.9, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) version 7 **Description** The issue allows remote attackers to cause a denial of service, consuming CPU and disk resources, by sending a long URL when the platform operates as a reverse-proxy with default buffer sizes. This can lead to a java.nio.BufferOverflowException in Undertow. **Recommendations** For Red Hat JBoss Enterprise Application Platform (EAP) version 7, consider adjusting the default buffer sizes to prevent excessive CPU and disk consumption when handling long URL proxy requests. As a temporary workaround, restrict the maximum allowed URL length to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Application Platform (EAP) versions prior to 6.4.4 WildFly (formerly JBoss Application Server) versions prior to 6.4.4 **Description** The issue allows remote attackers to cause a denial of service (memory consumption) via a large request header. This is due to a buffer overflow vulnerability in the Web Console of the affected platforms. **Recommendations** For Red Hat Enterprise Application Platform (EAP) versions prior to 6.4.4, update to version 6.4.4 or later. For WildFly (formerly JBoss Application Server) versions prior to 6.4.4, update to version 6.4.4 or later.