CVE-2016-7046 — Uncaught Exception in Redhat Jboss Enterprise Application Platform

CWE-399 CWE-248 — Uncaught Exception CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.9MEDIUMNVD

EPSS

4.1%

top 11.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Undertow Redhat Jboss Enterprise Application Platform

Timeline

PublishedOct 3

Latest updateMay 17

Description

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform7.0

▶Debianredhat/undertow< 1.4.3-1

🔴Vulnerability Details

GHSA

Undertow Uncaught Exception vulnerability↗2022-05-17

▶

OSV

Undertow Uncaught Exception vulnerability↗2022-05-17

▶

CVEList

CVE-2016-7046: Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a↗2016-10-03

▶

OSV

CVE-2016-7046: Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a↗2016-10-03

▶

📋Vendor Advisories

Red Hat

undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS↗2016-09-15

▶

Debian

CVE-2016-7046: undertow - Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a rever...↗2016

▶

💬Community

Bugzilla

CVE-2016-7046 undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS↗2016-09-16

▶