Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25689

Опубликовано: 02 нояб. 2020
Источник: nvd
CVSS3: 5.3
CVSS3: 6.5
CVSS2: 6.8
EPSS Низкий

Описание

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*
Версия до 21.0.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%
0.00238
Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-401
CWE-401

Связанные уязвимости

redhat логотип

CVE-2020-25689

CVSS3: 5.3
redhat
больше 5 лет назад

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2020-25689

CVSS3: 5.3
debian
больше 5 лет назад

A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...

github логотип

GHSA-97hp-6q9g-5cw2

CVSS3: 6.5
github
больше 3 лет назад

Uncontrolled Resource Consumption in WildFly

EPSS

Процентиль: 47%
0.00238
Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-401
CWE-401