Описание
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Data Grid 7 | undertow | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Not affected | ||
| Red Hat JBoss Fuse 6 | undertow | Will not fix | ||
| Red Hat JBoss Fuse Integration Service 2 | undertow | Affected | ||
| Red Hat OpenShift Application Runtimes | undertow | Affected | ||
| Red Hat Single Sign-On 7 | undertow | Affected | ||
| Red Hat JBoss EAP 7.1 | Fixed | RHSA-2018:2088 | 27.06.2018 | |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2018:2090 | 27.06.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-commons-logging-jboss-logmanager | Fixed | RHSA-2018:2090 | 27.06.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-hibernate | Fixed | RHSA-2018:2090 | 27.06.2018 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1573045undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
EPSS
Процентиль: 72%
0.00707
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 7 лет назад
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVSS3: 6.5
nvd
больше 7 лет назад
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVSS3: 6.5
debian
больше 7 лет назад
It was found that URLResource.getLastModified() in Undertow closes the ...
EPSS
Процентиль: 72%
0.00707
Низкий
6.5 Medium
CVSS3