Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-xpp6-8r3j-ww43: Undertow Denial of Service vulnerability

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

ghsa
#vulnerability#ios#dos#git#java#ssl

Undertow Denial of Service vulnerability

High severity GitHub Reviewed Published Jul 8, 2024 to the GitHub Advisory Database • Updated Jul 9, 2024

Related news

Red Hat Security Advisory 2024-6883-03

Red Hat Security Advisory 2024-6883-03 - Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available. Issues addressed include denial of service, information leakage, and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-5147-03

Red Hat Security Advisory 2024-5147-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-5145-03

Red Hat Security Advisory 2024-5145-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-5144-03

Red Hat Security Advisory 2024-5144-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-5143-03

Red Hat Security Advisory 2024-5143-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4392-03

Red Hat Security Advisory 2024-4392-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include a denial of service vulnerability.