It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670 | Issue Tracking Vendor Advisory |
https://www.debian.org/security/2017/dsa-3906 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:3458 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:3456 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:3455 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:3454 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:1412 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:1411 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:1410 | Vendor Advisory |
http://www.securityfocus.com/bid/98965 | Third Party Advisory VDB Entry |
http://rhn.redhat.com/errata/RHSA-2017-1409.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Information
Published : 2018-07-27 08:29
Updated : 2019-10-09 16:27
NVD link : CVE-2017-2670
Mitre link : CVE-2017-2670
JSON object : View
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Products Affected
debian
- debian_linux
redhat
- undertow
- enterprise_linux
- jboss_enterprise_application_platform