Stuart Douglas

**Name of the Vulnerable Software and Affected Versions** WildFly OpenSSL versions prior to 1.1.3.Final **Description** A memory leak flaw was found in WildFly OpenSSL, where it removes an HTTP session, potentially allowing an attacker to cause an out-of-memory (OOM) condition leading to a denial of service. The highest threat from this issue is to system availability. Exploitation of this flaw may also allow a remote attacker to cause a denial of service or gain full access to the system. **Recommendations** For versions prior to 1.1.3.Final, update to version 1.1.3.Final or later to resolve the issue. As a temporary workaround, consider restricting access to system resources to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: undertow versions prior to 1.4.18.SP1 undertow versions prior to 2.0.2.Final undertow versions prior to 1.4.24.Final Description: The issue arises when using Digest authentication, as the server fails to verify that the URI in the Authorization header matches the URI in the HTTP request line. This oversight allows an attacker to launch a Man-in-the-Middle (MITM) attack, thereby gaining access to desired content on the server. Recommendations: For versions prior to 1.4.18.SP1, update to version 1.4.18.SP1 or later. For versions prior to 2.0.2.Final, update to version 2.0.2.Final or later. For versions prior to 1.4.24.Final, update to version 1.4.24.Final or later.