Miggo Logo

CVE-2016-7046: Undertow Uncaught Exception vulnerability

5.9

CVSS Score
3.0

Basic Information

EPSS Score
0.89738%
Published
5/17/2022
Updated
1/29/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
io.undertow:undertow-coremaven>= 1.4.0, < 1.4.3.Final1.4.3.Final
io.undertow:undertow-coremaven< 1.3.25.Final1.3.25.Final

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper buffer management in HttpRequestConduit.java's processWrite method. The pre-patch code in STATE_START (lines 126-141) used assertions to validate buffer capacity but lacked proper handling for oversized URLs. The patch introduced a length check (line 130-133) and a fallback path (lines 145-156) to write the URL incrementally via STATE_URL. The unpatched code's direct buffer writes without overflow checks allowed BufferOverflowExceptions when URLs exceeded buffer limits, triggering an uncaught exception loop. The HpackEncoder.java changes addressed secondary overflow scenarios, but the root cause was in HttpRequestConduit's request line construction logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* lon* URL proxy r*qu*st l*** to j*v*.nio.*u***rOv*r*low*x**ption in Un**rtow.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *u***r m*n***m*nt in *ttpR*qu*st*on*uit.j*v*'s pro**ssWrit* m*t*o*. T** pr*-p*t** *o** in ST*T*_ST*RT (lin*s ***-***) us** *ss*rtions to v*li**t* *u***r **p**ity *ut l**k** prop*r **n*lin* *or ov*rsiz** URLs. T**