PT-2016-7195 · Red Hat · Red Hat Jboss Enterprise Application Platform+1

Timothy Walsh

·

Publicado

2016-10-03

·

Atualizado

2022-05-17

·

CVE-2016-7046

CVSS v2.0

7.1

Alta

VetorAV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform (EAP) version 7
Description The issue allows remote attackers to cause a denial of service, consuming CPU and disk resources, by sending a long URL when the platform operates as a reverse-proxy with default buffer sizes. This can lead to a java.nio.BufferOverflowException in Undertow.
Recommendations For Red Hat JBoss Enterprise Application Platform (EAP) version 7, consider adjusting the default buffer sizes to prevent excessive CPU and disk consumption when handling long URL proxy requests. As a temporary workaround, restrict the maximum allowed URL length to minimize the risk of exploitation.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-248

Identificadores relacionados

CVE-2016-7046
GHSA-3F57-W2RP-72FC
RHSA-2016:2640
RHSA-2016:2641
RHSA-2016:2642
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3458

Produtos afetados

Red Hat Jboss Enterprise Application Platform
Undertow