Undertow has a file handler leak vulnerability caused by JarURLConnection.getLastModified(). A remote attacker could exploit this to cause a denial of service. External References: https://issues.jboss.org/browse/UNDERTOW-1338 https://bugs.openjdk.java.net/browse/JDK-6956385
Created undertow tracking bugs for this issue: Affects: fedora-all [bug 1573047]
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2643
This issue has been addressed in the following products: Red Hat JBoss Fuse Via RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2669
This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:0877