CVE-2016-7046

MEDIUM

Redhat Jboss Enterprise Application P... - Resource Management Error

Title source: rule

Description

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.

References (10)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2640.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2641.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2642.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2657.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93173

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1376646

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:3454

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:3455

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:3456

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:3458

Scores

CVSS v3 5.9

EPSS 0.0406

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-399

Status published

Affected Products (3)

redhat/jboss_enterprise_application_platform

io.undertow/undertow-core < 1.4.3.FinalMaven

n/a/n/a

Timeline

Published Oct 03, 2016

Tracked Since Feb 18, 2026