Description

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Remediation

References

CVE-2017-2670

Related Vulnerabilities

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.6)

WordPress Plugin Facebook for WooCommerce Cross-Site Request Forgery (1.9.14)

WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1)

WordPress Plugin Booking Calendar Multiple Vulnerabilities (6.2)

WordPress Plugin Tooltipy (tooltips for WP) Multiple Vulnerabilities (5.0.2)

Severity

High

Classification

CVE-2017-2670 CWE-835 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities