Description
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) attack, making the service unavailable over SSL.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| undertow | fixed | 2.0.30-1 | | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1772464
https://issues.redhat.com/browse/UNDERTOW-1623
https://github.com/undertow-io/undertow/commit/846c50ead09f7d0b38965b4726ba0b6c5582bf7f (and followups)
https://github.com/undertow-io/undertow/pull/828
https://github.com/undertow-io/undertow/pull/852
Related vulnerabilities
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) attack, making the service unavailable over SSL.
Undertow vulnerable to Uncontrolled Resource Consumption
Vulnerability in the Undertow web server involving uncontrolled resource consumption, allowing an attacker to cause a denial of service