Redhat Wildfly CVE-2016-9589 Denial of Service Vulnerability

Redhat Wildfly is prone to a denial of service vulnerability.

An attacker can leverage this issue to cause denial of service condition, denying service to legitimate users.

Information

Bugtraq ID: 97060
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-9589

Remote: Yes
Local: No
Published: Mar 22 2017 12:00AM
Updated: Apr 18 2017 12:04AM
Credit: Gabriel Lavoie (Halogen Software)
Vulnerable: Redhat WildFly 0
Redhat Single Sign-On 7.1 for RHEL 7 Serve
+ Redhat Linux 6.2 E sparc
+ Redhat Linux 6.2 E i386
+ Redhat Linux 6.2 E alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.1 for RHEL 6 Serve
+ Redhat Linux 6.2 E sparc
+ Redhat Linux 6.2 E i386
+ Redhat Linux 6.2 E alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.1
+ Redhat Linux 6.2 E sparc
+ Redhat Linux 6.2 E i386
+ Redhat Linux 6.2 E alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.0
+ Redhat Linux 6.2 E sparc
+ Redhat Linux 6.2 E i386
+ Redhat Linux 6.2 E alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
Redhat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server 0
Redhat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server 0
Redhat JBoss Enterprise Application Platform 7.0

Not Vulnerable:

References:

• Wildfly Homepage (Red Hat)
  
• Bug 1404782 - (CVE-2016-9589) CVE-2016-9589 wildfly: ParseState headerValuesCac (Redhat)
  
• RHSA-2017:0830-1: Red Hat JBoss Enterprise Application Platform security update (Redhat)
  
• RHSA-2017:0831-1: JBoss Enterprise Application Platform 7.0.5 on RHEL 6 (Redhat)
  
• RHSA-2017:0832-1: JBoss Enterprise Application Platform 7.0.5 on RHEL 7 (Redhat)
  
• RHSA-2017:0834-1: jboss-ec2-eap package for EAP 7.0.5 (Redhat)
  

Source: www.securityfocus.com