Skip to main content

Improper Resource Shutdown or Release

CVE-2019-19343

Severity High
Score 7.5/10

Summary

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. jboss-remoting versions prior to 5.0.15.Final are believed to be vulnerable.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

Advisory Timeline

  • Published