The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-1904.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2015-1905.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2015-1906.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2015-1907.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2015-1908.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1519.html | Patch Vendor Advisory |
http://www.securitytracker.com/id/1033859 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1255597 | Issue Tracking Vendor Advisory |
Configurations
History
13 Feb 2023, 00:51
Type | Values Removed | Values Added |
---|---|---|
Summary | The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. | |
References |
|
02 Feb 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. | |
References |
|
Information
Published : 2015-10-27 16:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5220
Mitre link : CVE-2015-5220
CVE.ORG link : CVE-2015-5220
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_wildfly_application_server
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer