CVE-2019-17555

Name of the Vulnerable Software and Affected Versions Apache Olingo versions 4.0.0 through 4.6.0

Description The issue allows a malicious server to potentially implement a Denial of Service (DoS) attack by returning a large value in the Retry-After header, which is then passed to the Thread.sleep() method without any validation.

Recommendations For Apache Olingo versions 4.0.0 through 4.6.0, consider implementing input validation for the Retry-After header to prevent excessively large values from being passed to the Thread.sleep() method. As a temporary workaround, consider restricting access to the AsyncResponseWrapperImpl class until a patch is available.