Denial Of Service (DoS)

2023-01-0700:46:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

eap7

vulnerability

dos attack

undertow server

last_chunk

0.001 Low

EPSS

Percentile

30.0%

JSON

eap7 is vulnerable to Denial Of Service (DoS). Denial of service could be triggered as the undertow server waits for the LAST_CHUNK forever for EJB invocations, which allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes.

CPENameOperatorVersion
eap7-wildflyeq7.1.3__2.GA_redhat_2.1.ep7.el7
eap7-wildflyeq7.0.6__4.GA_redhat_2.1.ep7.el7
eap7-wildflyeq7.0.4__4.GA_redhat_2.1.ep7.el7
eap7-wildflyeq7.1.3__4.GA_redhat_3.1.ep7.el7
eap7-wildflyeq7.1.1__4.GA_redhat_2.1.ep7.el7
eap7-wildflyeq7.0.8__4.GA_redhat_1.1.ep7.el7
eap7-wildflyeq7.1.2__1.GA_redhat_1.1.ep7.el7
eap7-wildflyeq7.0.0__19.GA_redhat_3.1.ep7.el7
eap7-wildflyeq7.1.4__1.GA_redhat_1.1.ep7.el7
eap7-wildflyeq7.0.5__3.GA_redhat_2.1.ep7.el7

Name	Operator	Version
eap7-wildfly	eq	7.1.3__2.GA_redhat_2.1.ep7.el7
eap7-wildfly	eq	7.0.6__4.GA_redhat_2.1.ep7.el7
eap7-wildfly	eq	7.0.4__4.GA_redhat_2.1.ep7.el7
eap7-wildfly	eq	7.1.3__4.GA_redhat_3.1.ep7.el7
eap7-wildfly	eq	7.1.1__4.GA_redhat_2.1.ep7.el7
eap7-wildfly	eq	7.0.8__4.GA_redhat_1.1.ep7.el7
eap7-wildfly	eq	7.1.2__1.GA_redhat_1.1.ep7.el7
eap7-wildfly	eq	7.0.0__19.GA_redhat_3.1.ep7.el7
eap7-wildfly	eq	7.1.4__1.GA_redhat_1.1.ep7.el7
eap7-wildfly	eq	7.0.5__3.GA_redhat_2.1.ep7.el7