A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener, caused by holding remote connections indefinitely, may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
The product does not release or incorrectly releases a resource before it is made available for re-use.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss-remoting | Redhat | * | 5.0.14 (excluding) |
Jboss-remoting | Redhat | 5.0.14 (including) | 5.0.14 (including) |
Jboss_enterprise_application_platform | Redhat | * | 7.2.4 (excluding) |
Undertow | Redhat | * | 2.0.25 (excluding) |
Undertow | Redhat | 2.0.25 (including) | 2.0.25 (including) |