Denial of Service in Undertow Websocket Server by Red Hat
CVE-2017-2670
7.5 HIGH
What is CVE-2017-2670?
The Undertow Websocket server prior to version 1.3.28 exhibits a vulnerability where a non-clean TCP close causes the server to enter an infinite loop on each I/O thread. This condition can lead to a Denial of Service, impacting the availability of services relying on the Websocket server. It is recommended that users update to a secure version to mitigate this risk. For more details and mitigation steps, please refer to the vendor advisories.
Affected Version(s)
undertow 1.3.28.Final-redhat-4
