Red Hat Wildfly DoS
Severity: High
GitHub Reviewed
Published May 13, 2022 to the GitHub Advisory Database
Updated Nov 2, 2023
Package
Affected versions: < 11.0.0.Beta1
Patched versions: 11.0.0.Beta1
Description
Published by the National Vulnerability Database: Mar 12, 2018
Published to the GitHub Advisory Database: May 13, 2022
Reviewed: Jul 28, 2023
Last updated: Nov 2, 2023
Undertow in Red Hat Wildfly before version 11.0.0.Beta1 is vulnerable to resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers for persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
References