DataSec Peripherals Pvt Ltd

Denial of Service Vulnerability in Red Hat JBoss Enterprise Application Platform

Original Issue Date: August 25, 2021

Severity Rating: HIGH

Software Affected
JBoss Enterprise Application Platform Text-Only Advisories x86_64
JBoss Enterprise Application Platform 7.4 and earlier for RHEL 7, 8 x86_64
JBoss Enterprise Application Platform 7.3 and earlier for RHEL 6, 7, 8 x86_64

Overview
A Denial of Service Vulnerability has been reported in Undertow of Red Hat JBoss Enterprise Application Platform that could allow a remote attacker to cause denial of service conditions on the targeted system.

Description
This vulnerability exists in Undertow of Red Hat JBoss Enterprise Application Platform due to a buffer leak on the incoming WebSocket PONG message. A remote attacker can force the application to leak memory by sending a WebSocket PONG message and perform a denial of service attack.
Successful exploitation of this vulnerability could cause Denial of Service conditions on the target system.
