A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Redhat |
|
No data.
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 7 | |||
| undertow | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 | RHSA-2024:1677 | 2024-04-04T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | |||
| eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2024:1675 | 2024-04-04T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | |||
| eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2024:1676 | 2024-04-04T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | |||
| eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2024:1674 | 2024-04-04T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 8 | |||
| undertow | cpe:/a:redhat:jboss_enterprise_application_platform:8.0 | RHSA-2024:2763 | 2024-05-08T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | |||
| eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 | RHSA-2024:2764 | 2024-05-08T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | |||
| eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 | RHSA-2024:2764 | 2024-05-08T00:00:00Z |
References
History
No history.
MITRE
No data.
Vulnrichment
No data.
NVD
No data.
Redhat