Bug 2274437 (CVE-2024-3653) - CVE-2024-3653 undertow: LearningPushHandler can lead to remote memory DoS attacks
Summary: CVE-2024-3653 undertow: LearningPushHandler can lead to remote memory DoS att...
Keywords:
Status: NEW
Alias: CVE-2024-3653
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2275281
Reported: 2024-04-11 04:27 UTC by Patrick Del Bello
Modified: 2024-11-18 20:22 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:4392 0 None None None 2024-07-08 22:19:18 UTC
Red Hat Product Errata RHSA-2024:5143 0 None None None 2024-08-08 17:22:50 UTC
Red Hat Product Errata RHSA-2024:5144 0 None None None 2024-08-08 17:24:03 UTC
Red Hat Product Errata RHSA-2024:5145 0 None None None 2024-08-08 17:22:10 UTC
Red Hat Product Errata RHSA-2024:5147 0 None None None 2024-08-08 17:24:53 UTC

Description Patrick Del Bello 2024-04-11 04:27:38 UTC
A vulnerability was found in Undertow. This vulnerability requires enabling the learning-push handler in the server's config (it is disabled by default) and leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.

Comment 4 errata-xmlrpc 2024-07-08 22:19:13 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:4392 https://access.redhat.com/errata/RHSA-2024:4392

Comment 6 errata-xmlrpc 2024-08-08 17:22:05 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145

Comment 7 errata-xmlrpc 2024-08-08 17:22:45 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143

Comment 8 errata-xmlrpc 2024-08-08 17:23:57 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144

Comment 9 errata-xmlrpc 2024-08-08 17:24:47 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147

Comment 10 Chess Hazlett 2024-11-18 20:22:31 UTC
Removed RHINT-CSB-3 affects, as those are now handled under RHBOAC, which has already called WONTFIX.