Описание
Uncontrolled Resource Consumption in Undertow
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-1114
- https://access.redhat.com/errata/RHSA-2018:2643
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:0877
- https://bugs.openjdk.java.net/browse/JDK-6956385
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
- https://issues.jboss.org/browse/UNDERTOW-1338
Пакеты
io.undertow:undertow-core
<= 1.4.24.FInal
1.4.25.Final
io.undertow:undertow-core
>= 2.0.0.Alpha1, <= 2.0.4.Final
2.0.5.Final
Связанные уязвимости
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
It was found that URLResource.getLastModified() in Undertow closes the ...