PT-2018-5102 · Red Hat · Undertow +1

Adam Mariš +1 · Published 2018-03-12 · Updated 2022-05-13 · CVE-2016-9589

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Wildfly versions prior to 11.0.0.Beta1

Description

The issue is a resource exhaustion problem in Undertow that can lead to a denial of service. Undertow maintains a cache of seen HTTP headers in persistent connections. This cache can be exploited to fill memory with unnecessary data, up to a limit defined by the product's configuration, specifically "max-headers" and "max-header-size", per active TCP connection.

Recommendations

For versions prior to 11.0.0.Beta1, update to version 11.0.0.Beta1 or later to resolve the issue.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related identifiers

CVE-2016-9589
GHSA-P4XG-CPR9-VWVJ
RHSA-2017:0831
RHSA-2017:0832
RHSA-2017:0834
RHSA-2017:0872
RHSA-2017:0873
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3458

Affected products

Undertow
Wildfly