Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
History

Fri, 23 Aug 2024 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-03-12T15:00:00Z

Updated: 2024-08-06T02:59:02.944Z

Reserved: 2016-11-23T00:00:00

Link: CVE-2016-9589

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-12T15:29:00.273

Modified: 2024-11-21T03:01:27.900

Link: CVE-2016-9589

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-03-22T00:00:00Z

Links: CVE-2016-9589 - Bugzilla