PT-2018-5102 · Red Hat · Undertow +1

Credited: Adam Mariš +1
Published: 2018-03-12 · Updated: 2022-05-13
CVE-2016-9589
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 11.0.0.Beta1

Description: Undertow is affected by a resource exhaustion flaw that can lead to a denial of service. Undertow keeps a cache of HTTP headers it has seen on each persistent connection. A client can fill this cache with unnecessary data and so consume server memory, up to a limit set by the product's configuration, specifically the "max-headers" and "max-header-size" settings, for each active TCP connection.

Recommendations: For versions prior to 11.0.0.Beta1, update to version 11.0.0.Beta1 or later to resolve the issue.

Tags: Fix · DoS · Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2016-9589
GHSA-P4XG-CPR9-VWVJ
RHSA-2017:0831
RHSA-2017:0832
RHSA-2017:0834
RHSA-2017:0872
RHSA-2017:0873
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3458

Affected Products

Undertow
Wildfly