High severity · NVD Advisory · Published Mar 12, 2018 · Updated Aug 6, 2024
CVE-2016-9589
Description
Undertow in Red Hat WildFly before version 11.0.0.Beta1 is vulnerable to resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wildfly:wildfly-undertow (Maven) | < 11.0.0.Beta1 | 11.0.0.Beta1 |
Affected products
- Red Hat, Inc./wildfly (v5), Range: 11.0.0.Beta1
References
- rhn.redhat.com/errata/RHSA-2017-0830.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- rhn.redhat.com/errata/RHSA-2017-0831.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- rhn.redhat.com/errata/RHSA-2017-0832.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- rhn.redhat.com/errata/RHSA-2017-0834.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- rhn.redhat.com/errata/RHSA-2017-0876.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:0872 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:0873 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:3454 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:3455 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:3456 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:3458 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-p4xg-cpr9-vwvj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-9589 (ghsa, ADVISORY)
- www.securityfocus.com/bid/97060 (mitre, vdb-entry, x_refsource_BID)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060 (ghsa, WEB)