Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to Uncontrolled Recursion in chunked response handling. An attacker can cause a client to wait indefinitely by sending excessive data without a 0\r\n termination sequence in chunked responses, thereby disrupting service to the server.
Note: This is only exploitable when using NewSessionTicket functionality in TLS 1.3 on Java 17.
Remediation
There is no fixed version for io.undertow:undertow-core.