REDHAT-BUG-1573045: Medium severity JBoss Undertow vulnerability
Published Apr 30, 2018
Undertow has a file handle leak vulnerability caused by JarURLConnection.getLastModified(). A remote attacker could exploit this to cause a denial of service.
External References:
https://issues.jboss.org/browse/UNDERTOW-1338
https://bugs.openjdk.java.net/browse/JDK-6956385
Affected Software
1 affected component
JBoss Undertow
Event History
Apr 30, 2018, 03:09 AM: Data sourced via Red Hat
Frequently Asked Questions
1. What is the severity of REDHAT-BUG-1573045?
The severity of REDHAT-BUG-1573045 is rated Medium; it is a denial of service vulnerability.
2. How do I fix REDHAT-BUG-1573045?
To fix REDHAT-BUG-1573045, update to the latest patched version of JBoss Undertow.
3. Who can be affected by REDHAT-BUG-1573045?
Organizations using JBoss Undertow for web services can be affected by REDHAT-BUG-1573045.
4. What type of attack can REDHAT-BUG-1573045 lead to?
REDHAT-BUG-1573045 can lead to a denial of service attack, affecting application availability.
5. Is there a workaround for REDHAT-BUG-1573045?
Currently, the recommended approach is to apply software updates, as no specific workaround is mentioned.