First published: Fri Dec 06 2019
A flaw was found in Undertow as shipped in JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener, caused by holding remote connections indefinitely, may lead to denial of service. References: https://issues.redhat.com/browse/JBEAP-16695
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/undertow | <2.0.25. | 2.0.25. |
redhat/jboss-remoting | <5.0.14. | 5.0.14. |
Redhat Jboss-remoting | <5.0.14 | |
Redhat Jboss-remoting | =5.0.14 | |
Red Hat JBoss Enterprise Application Platform | <7.2.4 | |
Redhat Undertow | <2.0.25 | |
Redhat Undertow | =2.0.25 | |
Netapp Active Iq Unified Manager Linux | | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Vsphere | | |
CVE-2019-19343 is a vulnerability found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4.
The severity of CVE-2019-19343 is medium, with a CVSS score of 5.9.
CVE-2019-19343 affects Undertow versions before 2.0.25.SP1 and jboss-remoting versions before 5.0.14.SP1.
CVE-2019-19343 can lead to a denial of service due to a memory leak in HttpOpenListener.
To fix CVE-2019-19343, upgrade to Undertow version 2.0.25.SP1 or later, and jboss-remoting version 5.0.14.SP1 or later.