CXF-8734

upgrade to undertow 2.2.15 or later

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.5.4, 3.4.9, 4.0.0, 3.6.0
    • None
    • None
    • Unknown

    Description

      Undertow contains a flaw with how certain calls are made over HTTP2. Invocation of an EJB can fail on the client side which will result in the invocation-timeout being hit. Successfully exploiting this can allow an attacker to trigger a denial-of-service (DoS).

      Solution: Fixed in 2.2.15 by this commit.

      The latest stable releases are available here.
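
One way to check a build against the version named in this issue, as an added example that is not part of the original issue or of the CXF project: it scans `mvn dependency:tree` output for `io.undertow` artifacts older than 2.2.15. The function names and the sample tree (including the CXF 3.5.3 coordinate) are constructed for illustration.

```python
import re

# First fixed Undertow release according to this issue.
MIN_FIXED = (2, 2, 15)

# Maven prints dependencies as groupId:artifactId:type[:classifier]:version:scope
COORD = re.compile(
    r"io\.undertow:(?P<artifact>[\w.-]+):[\w.-]+(?::[\w.-]+)?"
    r":(?P<version>\d[\w.-]*):(?:compile|runtime|test|provided|system)\b"
)

def parse_version(text):
    """Return the leading numeric part of a version as a 3-tuple.

    '2.2.14.Final' -> (2, 2, 14); qualifiers such as '.Final' are ignored.
    """
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split(".")]
    return tuple((nums + [0, 0, 0])[:3])

def outdated_undertow(tree_output, minimum=MIN_FIXED):
    """List (artifact, version) pairs for Undertow artifacts below `minimum`."""
    findings = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if m and parse_version(m["version"]) < minimum:
            findings.append((m["artifact"], m["version"]))
    return findings

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = """\
[INFO] org.example:demo-service:jar:1.0.0
[INFO] +- org.apache.cxf:cxf-rt-transports-http-undertow:jar:3.5.3:compile
[INFO] |  +- io.undertow:undertow-core:jar:2.2.14.Final:compile
[INFO] |  \\- io.undertow:undertow-servlet:jar:2.2.14.Final:compile
[INFO] \\- io.undertow:undertow-websockets-jsr:jar:2.2.18.Final:test
"""

if __name__ == "__main__":
    for artifact, version in outdated_undertow(SAMPLE_TREE):
        print(f"io.undertow:{artifact} {version} is older than 2.2.15")
```

The comparison is purely numeric, so transitive Undertow versions pulled in by other dependencies are caught as long as they appear in the resolved tree.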

          People

            reta Andriy Redko
            kdebbarman Kripal Deb Barman