This security bulletin contains one low risk vulnerability.
CWE-200 - Information Exposure
Exploit availability: NoDescription
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to improper handling of connection closures by the non-blocking I/O (NIO) and NIO2 connectors. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, trigger bug in the tracking of connection closures, reuse user sessions in a new connection and access arbitrary data.Mitigation
Install update from vendor's website.Vulnerable software versions
Red Hat Enterprise Linux for x86_64: 6 - 7.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?