Bug 2278615 (CVE-2024-4029) - CVE-2024-4029 wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
Summary: CVE-2024-4029 wildfly: No timeout for EAP management interface may lead to De...
Keywords:
Status: NEW
Alias: CVE-2024-4029
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2276428
TreeView+ depends on / blocked
 
Reported: 2024-05-02 12:25 UTC by Patrick Del Bello
Modified: 2025-03-04 08:28 UTC (History)
46 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:8075 0 None None None 2024-10-14 18:00:45 UTC
Red Hat Product Errata RHSA-2024:8076 0 None None None 2024-10-14 18:00:00 UTC
Red Hat Product Errata RHSA-2024:8077 0 None None None 2024-10-14 17:59:21 UTC
Red Hat Product Errata RHSA-2024:8080 0 None None None 2024-10-14 18:07:20 UTC
Red Hat Product Errata RHSA-2024:8823 0 None None None 2024-11-04 20:12:35 UTC
Red Hat Product Errata RHSA-2024:8824 0 None None None 2024-11-04 20:11:35 UTC
Red Hat Product Errata RHSA-2024:8826 0 None None None 2024-11-04 20:56:49 UTC

Description Patrick Del Bello 2024-05-02 12:25:37 UTC 
A vulnerability was found in Wildlfly management interface where there is no sockets limits to perform connections to http management interface. This may lead occasionally to a Denial of Service (DoS) for Wildfly server after nofile limit reaches its maximum. This requires normally local access as the management interface is not exposed by default and it is not a common configuration to make it public.
Comment 2 errata-xmlrpc 2024-10-14 17:59:18 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:8077 https://access.redhat.com/errata/RHSA-2024:8077
Comment 3 errata-xmlrpc 2024-10-14 17:59:57 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:8076 https://access.redhat.com/errata/RHSA-2024:8076
Comment 4 errata-xmlrpc 2024-10-14 18:00:41 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:8075 https://access.redhat.com/errata/RHSA-2024:8075
Comment 5 errata-xmlrpc 2024-10-14 18:07:17 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:8080 https://access.redhat.com/errata/RHSA-2024:8080
Comment 6 errata-xmlrpc 2024-11-04 20:11:32 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8824
Comment 7 errata-xmlrpc 2024-11-04 20:12:32 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8823
Comment 8 errata-xmlrpc 2024-11-04 20:56:46 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:8826 https://access.redhat.com/errata/RHSA-2024:8826
Note You need to log in before you can comment on or make changes to this bug.