CVE-2016-9589

2018-03-1215:00:00

CWE-400

redhat

www.cve.org

7.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to “max-headers” (default 200) * “max-header-size” (default 1MB) per active TCP connection.

CNA Affected

[
  {
    "product": "wildfly",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "11.0.0.Beta1"
      }
    ]
  }
]