Description
Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-4027
- https://github.com/undertow-io/undertow/commit/6b7c18481ce65ae4012d92fe2b7f17a21ef4d70b
- https://access.redhat.com/security/cve/CVE-2024-4027
- https://bugzilla.redhat.com/show_bug.cgi?id=2276410
- https://github.com/undertow-io/undertow/releases/tag/2.3.21.Final
- https://issues.redhat.com/browse/UNDERTOW-2377
Packages
io.undertow:undertow-core
Affected versions: < 2.3.21.Final
Fixed version: 2.3.21.Final