A vulnerability was found in Undertow. Undertow chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in an uncontrolled resource consumption leaving the server side to a Denial of Service vulnerability attack. This happens only with Java 17 TLSv1.3 scenarios.
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:4392 https://access.redhat.com/errata/RHSA-2024:4392
This issue has been addressed in the following products: Red Hat build of Apache Camel 4.4.1 for Spring Boot Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
When dealing with issues related to Undertow's response write hanging in the context of Java 17 and TLSv1.3's NewSessionTicket, you might be encountering a complex problem that involves the interaction between the web server (Undertow) https://geometrydashbreeze.org