exploitDog

CVE-2024-4029

Published: 02 May 2024
Source: redhat
CVSS3: 4.1
EPSS: Low

Description

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.

Report

Red Hat rates this as a Low impact since this requires high privileges to jeopardize the system. The management interface is normally internal/local only and not exposed externally.

Mitigation

Currently there is no available mitigation for this vulnerability. Please make sure to perform updates as they become available.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Build of Keycloak | wildfly-domain-http | Not affected | | |
| Red Hat Data Grid 8 | wildfly-domain-http | Not affected | | |
| Red Hat Fuse 7 | wildfly-domain-http | Out of support scope | | |
| Red Hat JBoss Data Grid 7 | wildfly-domain-http | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | wildfly-domain-http | Not affected | | |
| Red Hat Process Automation 7 | wildfly-domain-http | Out of support scope | | |
| Red Hat Single Sign-On 7 | wildfly-domain-http | Fix deferred | | |
| Important: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update | wildfly-domain-http | Fixed | RHSA-2024:8080 | 14.10.2024 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hal-console | Fixed | RHSA-2024:8076 | 14.10.2024 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hibernate-validator | Fixed | RHSA-2024:8076 | 14.10.2024 |

Additional information

Status: Low
Weakness: CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2278615
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)

EPSS: 0.00014 (percentile: 2%, Low)

CVSS3: 4.1 Medium

Related vulnerabilities

CVSS3: 4.1
nvd
almost 2 years ago

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.

CVSS3: 4.1
debian
almost 2 years ago

A vulnerability was found in Wildfly’s management interface. Due ...

CVSS3: 4.1
github
almost 2 years ago

Wildfly vulnerable to denial of service
