It was discovered that the Lightweight HTTP Server component of OpenJDK did not limit the number of connections accepted from HTTP clients. This could result in resource exhaustion if multiple instances of a malicious applications were started at the same time, possibly preventing other applications on the system from being able to communicate over the network.
Public now via Oracle CPU October 2022: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA Fixed in Oracle Java SE 8u351, 11.0.17, 17.0.5, 19.0.1. Release notes: https://www.oracle.com/java/technologies/javase/8u351-relnotes.html https://www.oracle.com/java/technologies/javase/11-0-17-relnotes.html https://www.oracle.com/java/technologies/javase/17-0-5-relnotes.html https://www.oracle.com/java/technologies/javase/19-0-1-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:7009 https://access.redhat.com/errata/RHSA-2022:7009
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:7004 https://access.redhat.com/errata/RHSA-2022:7004
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:7003 https://access.redhat.com/errata/RHSA-2022:7003
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7002 https://access.redhat.com/errata/RHSA-2022:7002
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:7005 https://access.redhat.com/errata/RHSA-2022:7005
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7006 https://access.redhat.com/errata/RHSA-2022:7006
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:7011 https://access.redhat.com/errata/RHSA-2022:7011
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:7001 https://access.redhat.com/errata/RHSA-2022:7001
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:7010 https://access.redhat.com/errata/RHSA-2022:7010
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7008 https://access.redhat.com/errata/RHSA-2022:7008
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7012 https://access.redhat.com/errata/RHSA-2022:7012
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7000 https://access.redhat.com/errata/RHSA-2022:7000
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7007 https://access.redhat.com/errata/RHSA-2022:7007
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7013 https://access.redhat.com/errata/RHSA-2022:7013
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6999 https://access.redhat.com/errata/RHSA-2022:6999
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u352 Via RHSA-2022:7049 https://access.redhat.com/errata/RHSA-2022:7049
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u352 Via RHSA-2022:7050 https://access.redhat.com/errata/RHSA-2022:7050
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.17 Via RHSA-2022:7052 https://access.redhat.com/errata/RHSA-2022:7052
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.17 Via RHSA-2022:7054 https://access.redhat.com/errata/RHSA-2022:7054
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.5 Via RHSA-2022:7051 https://access.redhat.com/errata/RHSA-2022:7051
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.5 Via RHSA-2022:7053 https://access.redhat.com/errata/RHSA-2022:7053
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/ff5418eff8c07be96005ca0d8477436643cc14dd OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/1d94bc4e2783258b9bc0b504ec01e0838292a662 OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/c0d680413deb88912bbc4ba706fa1d2056d90169
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:8880 https://access.redhat.com/errata/RHSA-2022:8880
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0128 https://access.redhat.com/errata/RHSA-2023:0128
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-21628