Red Hat Undertow is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to force the application into an infinite loop, resulting in a denial-of-service condition.
Information
Vulnerable:
- Redhat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server
- Redhat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server
- Redhat JBoss Enterprise Application Platform 7.0
Exploit
An attacker can exploit this issue using readily available tools.
References:
- CVE-2017-2670 (Red Hat)
- Red Hat Homepage (Red Hat)
- Undertow - Homepage (JBoss Community)
- undertow: IO thread DoS via unclean Websocket closing (Red Hat)
- RHSA-2017:1409-1: Red Hat JBoss Enterprise Application Platform security update (Red Hat)
- RHSA-2017:1410-1: Boss Enterprise Application Platform 7.0.6 on Red Hat Enterpri (Red Hat)
- RHSA-2017:1411-1: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterpr (Red Hat)
- RHSA-2017:1412-1: eap7-jboss-ec2-eap security update (Red Hat)