Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.3.14.Final, 2.2.33.Final
Affects Version/s: None
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1603, https://github.com/undertow-io/undertow/pull/1604, https://github.com/undertow-io/undertow/pull/1612

There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.
We have a max header config in Undertow that cna be used to limit the amount of continuatoin frames, but it is not being enforced by default.

is incorporated by

WFCORE-6862 CVE-2024-6162 CVE-2024-27316 Upgrade Undertow to 2.3.14.Final

Resolved

is related to

UNDERTOW-2411 Create HTTP2_MAX_HEADER_SIZE UndertowOption

Open

Assignee:: Flavia Rainone

Reporter:: Flavia Rainone

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/06/14 4:23 AM

Updated:: 2024/06/23 9:16 AM

Resolved:: 2024/06/20 7:52 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates