CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2017-2670 – undertow: IO thread DoS via unclean Websocket closing
https://notcve.org/view.php?id=CVE-2017-2670
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. • http://rhn.redhat.com/errata/RHSA-2017-1409.html http://www.securityfocus.com/bid/98965 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.0EPSS: 4%CPEs: 4EXPL: 0CVE-2014-7816 – WildFly Directory Traversal
https://notcve.org/view.php?id=CVE-2014-7816
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. Vulnerabilidad de salto de directorio en JBoss Undertow 1.0.x anterior a 1.0.17, 1.1.x anterior a 1.1.0.CR5, y 1.2.x anterior a 1.2.0.Beta3, cuando funciona en Windows, permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en una URI de recursos. • http://seclists.org/oss-sec/2014/q4/830 http://www.securityfocus.com/bid/71328 https://bugzilla.redhat.com/show_bug.cgi?id=1157478 https://issues.jboss.org/browse/UNDERTOW-338 https://issues.jboss.org/browse/WFLY-4020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •