Miggo Logo
Miggo Vulnerability Database
CVE-2017-2670

CVE-2017-2670:
Moderate severity vulnerability that affects io.undertow:undertow-core

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-2670
GHSA ID
GHSA-3x7h-5hfr-hvjm
EPSS Score
0.91592%
CWE
CWE-835
Published
10/19/2018
Updated
1/9/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
io.undertow:undertow-coremaven< 1.3.281.3.28

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in WebSocket frame processing loops that lack termination checks after non-clean TCP closures. AbstractReceiveListener.handleEvent is the primary entry point for frame processing on IO threads, making it the most likely candidate for the infinite loop. WebSocketChannel.receive() is also implicated as it directly interacts with the channel's read operations. Both functions would appear in stack traces during exploitation due to their role in the IO thread processing loop. The confidence levels reflect the direct involvement of these functions in the vulnerable workflow described in the CVE.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

It w*s *oun* in Un**rtow ***or* *.*.** t**t wit* non-*l**n T*P *los*, t** W**so*k*t s*rv*r **ts into in*init* loop on *v*ry IO t*r***, *****tiv*ly **usin* *oS.

Reasoning

T** vuln*r**ility m*ni**sts in W**So*k*t *r*m* pro**ssin* loops t**t l**k t*rmin*tion ****ks **t*r non-*l**n T*P *losur*s. `**str**tR***iv*List*n*r.**n*l**v*nt` is t** prim*ry *ntry point *or *r*m* pro**ssin* on IO t*r***s, m*kin* it t** most lik*ly