SB2018091111 - Memory leak in Undertow for Wildfly Application Server
Published: September 11, 2018 Updated: August 13, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Memory leak (CVE-ID: CVE-2018-1114)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in URLResource.getLastModified() function in Undertow due to the method closes file descriptors only when they are finalized. A remote attacker can initiate opening of numerous URLs and exhaust all file descriptors, leading to a denial of service (DoS) attack.
Remediation
Install update from vendor's website.