Bug 1404782 (CVE-2016-9589) - CVE-2016-9589 wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
Summary: CVE-2016-9589 wildfly: ParseState headerValuesCache can be exploited to fill ...
Keywords:
Status: NEW
Alias: CVE-2016-9589
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1404783 1424497 1438536 1520314
TreeView+ depends on / blocked
 
Reported: 2016-12-14 15:59 UTC by Adam Mariš
Modified: 2021-02-17 02:52 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0830 0 normal SHIPPED_LIVE Moderate: Red Hat JBoss Enterprise Application Platform security update 2017-03-22 21:21:20 UTC
Red Hat Product Errata RHSA-2017:0831 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 6 2017-03-22 21:52:40 UTC
Red Hat Product Errata RHSA-2017:0832 0 normal SHIPPED_LIVE Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 7 2017-03-22 21:51:39 UTC
Red Hat Product Errata RHSA-2017:0834 0 normal SHIPPED_LIVE Important: jboss-ec2-eap package for EAP 7.0.5 2017-03-22 22:01:35 UTC
Red Hat Product Errata RHSA-2017:0872 0 normal SHIPPED_LIVE Moderate: Red Hat Single Sign-On 7.1 update on RHEL 6 2017-04-04 21:26:43 UTC
Red Hat Product Errata RHSA-2017:0873 0 normal SHIPPED_LIVE Moderate: Red Hat Single Sign-On 7.1 update on RHEL 7 2017-04-04 21:26:10 UTC
Red Hat Product Errata RHSA-2017:0876 0 normal SHIPPED_LIVE Moderate: Red Hat Single Sign-On 7.1 update 2017-04-04 21:15:55 UTC
Red Hat Product Errata RHSA-2017:3454 0 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update 2017-12-13 22:48:09 UTC
Red Hat Product Errata RHSA-2017:3455 0 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update 2017-12-13 22:57:25 UTC
Red Hat Product Errata RHSA-2017:3456 0 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update 2017-12-13 22:31:03 UTC
Red Hat Product Errata RHSA-2017:3458 0 normal SHIPPED_LIVE Important: eap7-jboss-ec2-eap security update 2017-12-13 23:26:13 UTC

Description Adam Mariš 2016-12-14 15:59:52 UTC
Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.

Upstream bug:

https://issues.jboss.org/browse/WFLY-7725

Comment 5 Jason Shepherd 2016-12-18 23:42:20 UTC
Acknowledgements:

Name: Gabriel Lavoie (Halogen Software)

Comment 6 errata-xmlrpc 2017-03-22 17:21:31 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0

Via RHSA-2017:0830 https://rhn.redhat.com/errata/RHSA-2017-0830.html

Comment 7 errata-xmlrpc 2017-03-22 17:54:13 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7

Via RHSA-2017:0832 https://rhn.redhat.com/errata/RHSA-2017-0832.html

Comment 8 errata-xmlrpc 2017-03-22 17:54:35 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6

Via RHSA-2017:0831 https://rhn.redhat.com/errata/RHSA-2017-0831.html

Comment 9 errata-xmlrpc 2017-03-22 18:02:03 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6
  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7

Via RHSA-2017:0834 https://rhn.redhat.com/errata/RHSA-2017-0834.html

Comment 10 errata-xmlrpc 2017-04-04 17:16:16 UTC
This issue has been addressed in the following products:



Via RHSA-2017:0876 https://access.redhat.com/errata/RHSA-2017:0876

Comment 11 errata-xmlrpc 2017-04-04 17:27:27 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.1 for RHEL 7

Via RHSA-2017:0873 https://access.redhat.com/errata/RHSA-2017:0873

Comment 12 errata-xmlrpc 2017-04-04 17:27:50 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.1 for RHEL 6

Via RHSA-2017:0872 https://access.redhat.com/errata/RHSA-2017:0872

Comment 15 errata-xmlrpc 2017-12-13 17:34:23 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456

Comment 16 errata-xmlrpc 2017-12-13 18:26:49 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454

Comment 17 errata-xmlrpc 2017-12-13 18:42:46 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7

Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455

Comment 18 errata-xmlrpc 2017-12-13 18:49:14 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458


Note You need to log in before you can comment on or make changes to this bug.