CVE-2019-19343

Опубликовано: 06 дек. 2019

Источник: redhat

CVSS3: 5.9

Описание

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Decision Manager 7	undertow	Not affected
Red Hat JBoss Data Grid 7	undertow	Not affected
Red Hat JBoss Enterprise Application Platform 7	undertow	Affected
Red Hat JBoss Fuse 6	undertow	Out of support scope
Red Hat OpenShift Application Runtimes	undertow	Out of support scope
Red Hat Process Automation 7	undertow	Not affected
Red Hat Single Sign-On 7	undertow	Not affected
Red Hat Fuse 7.8.0	undertow	Fixed	RHSA-2020:5568	16.12.2020
Red Hat JBoss EAP 7.2		Fixed	RHSA-2019:2938	30.09.2019
Red Hat JBoss Enterprise Application Platform Continuous Delivery	undertow	Fixed	RHSA-2020:2565	15.06.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1780445Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2019-19343

CVSS3: 7.5

ubuntu

почти 5 лет назад

CVE-2019-19343

CVSS3: 7.5

nvd

почти 5 лет назад

CVE-2019-19343

CVSS3: 7.5

debian

почти 5 лет назад

A flaw was found in Undertow when using Remoting as shipped in Red Hat ...

GHSA-4v4m-hgv5-x3qx

CVSS3: 7.5

github

больше 3 лет назад

5.9 Medium

CVSS3