A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
References
Link | Resource |
---|---|
https://issues.redhat.com/browse/JBEAP-16695 | Permissions Required Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1780445 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220211-0002/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2021-03-23 14:15
Updated : 2022-05-03 06:05
NVD link : CVE-2019-19343
Mitre link : CVE-2019-19343
JSON object : View
CWE
CWE-404
Improper Resource Shutdown or Release
Products Affected
redhat
- undertow
- jboss-remoting
- jboss_enterprise_application_platform
netapp
- active_iq_unified_manager