GHSA-p4xg-cpr9-vwvj

Source

https://github.com/advisories/GHSA-p4xg-cpr9-vwvj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p4xg-cpr9-vwvj/GHSA-p4xg-cpr9-vwvj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p4xg-cpr9-vwvj

Aliases

CVE-2016-9589

Published

2022-05-13T01:38:28Z

Modified

2024-02-17T05:36:42.235937Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Red Hat Wildfly DoS

Details

Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.

References

Affected packages

Maven / org.wildfly:wildfly-undertow

Package

Name: org.wildfly:wildfly-undertow; View open source insights on deps.dev
Purl: pkg:maven/org.wildfly/wildfly-undertow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.0.Beta1

Affected versions

8.*

8.0.0.Alpha1

8.0.0.Alpha2

8.0.0.Alpha3

8.0.0.Alpha4

8.0.0.Beta1

8.0.0.CR1

8.0.0.Final

8.1.0.CR1

8.1.0.CR2

8.1.0.Final

8.2.0.Final

8.2.1.Final

9.*

9.0.0.Alpha1

9.0.0.Beta1

9.0.0.Beta2

9.0.0.CR1

9.0.0.CR2

9.0.0.Final

9.0.1.Final

9.0.2.Final

10.*

10.0.0.Alpha1

10.0.0.Alpha2

10.0.0.Alpha3

10.0.0.Alpha4

10.0.0.Alpha5

10.0.0.Alpha6

10.0.0.Beta1

10.0.0.Beta2

10.0.0.CR1

10.0.0.CR2

10.0.0.CR3

10.0.0.CR4

10.0.0.CR5

10.0.0.Final

10.1.0.CR1

10.1.0.Final

11.*

11.0.0.Alpha1