
CVE-2020-25689: Uncontrolled Resource Consumption in WildFly

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.4688%
Published: 5/24/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name: org.wildfly:wildfly-dist
Ecosystem: maven
Vulnerable Versions: <= 21.0.0
First Patched Version: 21.0.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the HostController's persistent reconnection attempts creating unclosed connections. The primary indicators are:

  1. HostController$ReconnectTask.run() - Directly referenced in Red Hat's WFCORE-5105 as the looping reconnection mechanism
  2. ManagementClient.establishConnection() - Core connection creation point called during each retry
  3. ProtocolChannelClient.connect() - Low-level network resource allocator for management channels

These functions would appear in profiler stack traces showing repeated connection attempts without corresponding cleanup. The patch likely added connection.close() calls in ReconnectTask and proper error handling in ManagementClient.


WAF Protection Rules

WAF Rule

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows
