Wildfly Management Interface Vulnerability: Denial of Service via Unlimited Connections

CVE-2024-4029

4.1MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Build Of Keycloak; Red Hat Data Grid 8; Red Hat Jboss Data Grid 7; Red Hat Jboss Enterprise Application Platform 7
Vendor: CVE Published:; 2 May 2024

Summary

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 4.1 - (MEDIUM)
May 2, 2024
Vulnerability published.
May 2, 2024
Vulnerability Reserved.
Apr 22, 2024
Reported to Red Hat.
Apr 22, 2024

Collectors

NVD DatabaseMitre Database