Original Issue Date: August 25, 2021
Severity Rating: HIGH
Software Affected
JBoss Enterprise Application Platform Text-Only Advisories x86_64
JBoss Enterprise Application Platform 7.4 and earlier for RHEL 7, 8 x86_64
JBoss Enterprise Application Platform 7.3 and earlier for RHEL 6,7,8 x86_64
Overview
A denial of service vulnerability has been reported in Undertow, the web server component of Red Hat JBoss Enterprise Application Platform, which could allow a remote attacker to cause denial of service conditions on the targeted system.
Description
This vulnerability exists in Undertow of Red Hat JBoss Enterprise Application Platform due to a buffer leak on incoming WebSocket PONG messages. A remote attacker can force the application to leak memory by sending WebSocket PONG messages and thereby perform a denial of service attack.
Successful exploitation of this vulnerability could cause denial of service conditions on the target system.
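The following is an added illustration of the defect class described above, written for this advisory; it is not Undertow or JBoss EAP code and makes no claim about how Undertow's internals are structured. It models a handler that borrows a pooled buffer to read an incoming frame and, on the PONG control-frame path, returns early without giving the buffer back, so each PONG permanently consumes one buffer until the pool is exhausted. The hardened variant releases the buffer in a finally block, so every code path returns it. The pool, the handler names and the frame counts are constructed for the example.

```python
"""Toy model of a pooled-buffer leak on WebSocket PONG frames.

Added illustration, not Undertow or JBoss EAP code. It models the defect
class described in the advisory: a handler borrows a buffer from a pool to
read an incoming control frame and never returns it, so every PONG frame
permanently consumes one pooled buffer until the pool runs dry.
"""

# WebSocket opcodes from RFC 6455 (real values, not assumptions)
OP_TEXT = 0x1
OP_PING = 0x9
OP_PONG = 0xA


class PoolExhausted(Exception):
    """Raised when no pooled buffer is free (the DoS condition in this model)."""


class BufferPool:
    """Fixed-size pool of byte buffers; a leaked buffer is never returned."""

    def __init__(self, count: int, size: int) -> None:
        self.size = size
        self.free = [bytearray(size) for _ in range(count)]
        self.leased = 0

    def allocate(self) -> bytearray:
        if not self.free:
            raise PoolExhausted("no pooled buffers left")
        self.leased += 1
        return self.free.pop()

    def release(self, buf: bytearray) -> None:
        self.leased -= 1
        self.free.append(buf)


def handle_frame_leaky(pool: BufferPool, opcode: int, payload: bytes) -> None:
    """Vulnerable pattern (constructed): PONG takes an early return and skips release()."""
    buf = pool.allocate()
    buf[: len(payload)] = payload
    if opcode == OP_PONG:
        # A PONG needs no reply; returning here drops the reference to `buf`
        # without handing it back to the pool, so the buffer is leaked.
        return
    # Every other frame is "processed" and then released correctly.
    pool.release(buf)


def handle_frame_fixed(pool: BufferPool, opcode: int, payload: bytes) -> None:
    """Hardened pattern: release in `finally`, so every path returns the buffer."""
    buf = pool.allocate()
    try:
        buf[: len(payload)] = payload
        if opcode == OP_PONG:
            return
    finally:
        pool.release(buf)


def frames_until_exhaustion(handler, pool_size: int = 8, limit: int = 1000) -> int:
    """Feed constructed PONG frames to `handler` and return how many were
    accepted before the pool was exhausted, or `limit` if it never was."""
    pool = BufferPool(count=pool_size, size=16)
    for n in range(limit):
        try:
            handler(pool, OP_PONG, b"keepalive")
        except PoolExhausted:
            return n
    return limit


if __name__ == "__main__":
    print("leaky handler survives", frames_until_exhaustion(handle_frame_leaky), "PONG frames")
    print("fixed handler survives", frames_until_exhaustion(handle_frame_fixed), "PONG frames")
```

With a pool of 8 buffers the leaky handler fails on the ninth PONG, while the fixed handler runs to the frame limit with a steady pool. The operational takeaway for defenders is the same as the advisory's: a per-message resource leak on a cheap, unauthenticated control frame is exhausted by volume alone, so monitoring pooled-buffer and heap usage on WebSocket-facing instances is a useful signal until the vendor update is applied.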
Solution
Apply the appropriate updates as described in the Red Hat article:
https://access.redhat.com/articles/11258
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2021:3219
https://access.redhat.com/errata/RHSA-2021:3218
https://access.redhat.com/errata/RHSA-2021:3217
https://access.redhat.com/errata/RHSA-2021:3216
References
Red Hat
https://access.redhat.com/security/cve/cve-2021-3690
CVE Name
CVE-2021-3690
Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind.