CVE-2024-1635

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 19, 2024
Updated: Mar 22, 2024
CWE ID 400

Summary

CVE-2024-1635 is a vulnerability found in Undertow, affecting servers that support the wildfly-http-client protocol. This vulnerability occurs when a malicious user opens and closes a connection with the HTTP port of the server and immediately closes the connection, leading to memory and open file limits being exhausted. The issue arises during the HTTP upgrade to remoting process, where connections are leaked if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener. The Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection, causing a dependency tree leak. The risk score for this vulnerability is 25 out of 100, with a base severity rating of HIGH. It has an exploitability score of 3.9 and poses a potential danger to organizations by impacting availability. No remediation steps or further analysis are provided in the available information.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1635 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options