Description

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Remediation

References

CVE-2017-2670

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3570)

WordPress Plugin Mail Queue Cross-Site Scripting (1.1)

WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-43622)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8393)

Severity

High

Classification

CVE-2017-2670 CWE-835 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities