Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection. Upstream bug: https://issues.jboss.org/browse/WFLY-7725
Acknowledgements: Name: Gabriel Lavoie (Halogen Software)
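The bound in the description can be checked against a server's listener configuration. The following is an added example, not code from Undertow or from this report: it reads the `max-headers` and `max-header-size` attributes of each listener in a WildFly/EAP Undertow subsystem fragment, applies the defaults quoted above (taking "1MB" as 1 MiB, an assumption), and reports the worst-case header-cache size per connection. The sample XML, the `audit_listeners` helper and its `budget_bytes` threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as quoted in the description ("1MB" read as 1 MiB: assumption).
DEFAULT_MAX_HEADERS = 200
DEFAULT_MAX_HEADER_SIZE = 1024 * 1024

# Constructed sample of an Undertow subsystem fragment (not from the report).
SAMPLE_CONFIG = """
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
  <server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <http-listener name="tuned" socket-binding="http-alt"
                   max-headers="50" max-header-size="8192" max-connections="1000"/>
    <https-listener name="tls" socket-binding="https" max-header-size="65536"/>
  </server>
</subsystem>
"""

def local(tag):
    """Strip the XML namespace so any subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit_listeners(xml_text, budget_bytes=16 * 1024 * 1024):
    """Return one finding per listener with its worst-case header-cache bound.

    budget_bytes is a hypothetical per-connection threshold chosen by the operator.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) not in ("http-listener", "https-listener"):
            continue
        headers = int(elem.get("max-headers", DEFAULT_MAX_HEADERS))
        size = int(elem.get("max-header-size", DEFAULT_MAX_HEADER_SIZE))
        per_conn = headers * size  # max-headers * max-header-size, per the description
        conns = elem.get("max-connections")  # absent means no configured cap
        findings.append({
            "listener": elem.get("name"),
            "per_connection_bytes": per_conn,
            "total_bytes": per_conn * int(conns) if conns is not None else None,
            "over_budget": per_conn > budget_bytes,
        })
    return findings

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_CONFIG):
        total = "no cap" if f["total_bytes"] is None else f"{f['total_bytes'] / 2**20:.0f} MiB"
        flag = "REVIEW" if f["over_budget"] else "ok"
        print(f"{f['listener']:8} per-conn {f['per_connection_bytes'] / 2**20:7.2f} MiB  total {total:>8}  {flag}")
```

A listener left at the defaults shows 200 MiB per connection, which is the exposure the description refers to on unpatched versions.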
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 Via RHSA-2017:0830 https://rhn.redhat.com/errata/RHSA-2017-0830.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:0832 https://rhn.redhat.com/errata/RHSA-2017-0832.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:0831 https://rhn.redhat.com/errata/RHSA-2017-0831.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:0834 https://rhn.redhat.com/errata/RHSA-2017-0834.html
This issue has been addressed in the following products: Via RHSA-2017:0876 https://access.redhat.com/errata/RHSA-2017:0876
This issue has been addressed in the following products: Red Hat Single Sign-On 7.1 for RHEL 7 Via RHSA-2017:0873 https://access.redhat.com/errata/RHSA-2017:0873
This issue has been addressed in the following products: Red Hat Single Sign-On 7.1 for RHEL 6 Via RHSA-2017:0872 https://access.redhat.com/errata/RHSA-2017:0872
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458