Allocation of Resources Without Limits or Throttling in org.wildfly.core:wildfly-domain-http-interface

CVE-2024-4029

org.wildfly.core:wildfly-domain-http-interface
org.wildfly.core:wildfly-server
org.wildfly:wildfly-domain-http-interface
org.wildfly:wildfly-server

Medium

4.1/10

Summary

A vulnerability was found in Wildfly's management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a Denial of Service hitting the 'nofile' limit as there is no possibility to configure or set a maximum number of connections. This issue affects packages 'wildfly-domain-http-interface' and 'wildfly-server' in versions prior to 24.0.1.Final, and versions 25.0.0.Beta1, 25.0.0.Beta2.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-770 - Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

Advisory Timeline

Published May 02, 2024

Allocation of Resources Without Limits or Throttling in org.wildfly.core:wildfly-domain-http-interface

CVE-2024-4029

Summary

CWE-770 - Allocation of Resources Without Limits or Throttling

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS