Rapid7 Vulnerability & Exploit Database

Red Hat JBossEAP: Missing Release of Memory after Effective Lifetime (CVE-2024-41172)


Severity: 3
CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Published: 07/19/2024
Created: 09/20/2024
Added: 09/19/2024
Modified: 09/20/2024

Description

A memory consumption flaw was found in Apache CXF. In versions before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, so memory consumption can keep increasing until the application runs out of memory.

Solution(s)

  • red-hat-jboss-eap-upgrade-latest
