We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | redhat |
Reserved | 2024-06-13 |
Published | 2024-07-08 |
Updated | 2024-10-21 |
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2024-06-13: | Reported to Red Hat. |
2024-07-08: | Made public. |
https://access.redhat.com/errata/RHSA-2024:4392 (RHSA-2024:4392)
https://access.redhat.com/errata/RHSA-2024:4884 (RHSA-2024:4884)
https://access.redhat.com/errata/RHSA-2024:5143 (RHSA-2024:5143)
https://access.redhat.com/errata/RHSA-2024:5144 (RHSA-2024:5144)
https://access.redhat.com/errata/RHSA-2024:5145 (RHSA-2024:5145)
https://access.redhat.com/errata/RHSA-2024:5147 (RHSA-2024:5147)
https://access.redhat.com/errata/RHSA-2024:6508 (RHSA-2024:6508)
https://access.redhat.com/errata/RHSA-2024:6883 (RHSA-2024:6883)
https://access.redhat.com/security/cve/CVE-2024-5971
https://bugzilla.redhat.com/show_bug.cgi?id=2292211 (RHBZ#2292211)