Wildfly Management Interface Vulnerability: Denial of Service via Unlimited Connections
CVE-2024-4029
4.1MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Build Of Keycloak
- Red Hat Data Grid 8
- Red Hat Jboss Data Grid 7
- Red Hat Jboss Enterprise Application Platform 7
- Vendor
- CVE Published:
- 2 May 2024
Summary
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.
CVSS V3.1
Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 4.1 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database