CVE-2019-19343
📋 TL;DR
CVE-2019-19343 is a memory leak in Undertow's HttpOpenListener when it is used together with JBoss Remoting in Red Hat JBoss EAP 7. A remote, unauthenticated attacker who opens connections to the listener and holds them open makes the server accumulate memory it never releases, eventually exhausting the heap and denying service to every application on the instance. Deployments of JBoss EAP 7 before 7.2.4 are affected.
💻 Affected Systems
- Red Hat JBoss Enterprise Application Platform (EAP)
- Undertow
- JBoss Remoting
📦 What is this software?
Red Hat JBoss Enterprise Application Platform (EAP) is Red Hat's Java EE application server.
Undertow, also by Red Hat, is the embeddable web server EAP 7 uses as its HTTP layer; JBoss Remoting is the remote invocation transport that EAP 7 carries over Undertow listeners via HTTP upgrade, which is how the two components meet in this flaw.
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage due to memory exhaustion, potentially affecting all applications hosted on the vulnerable JBoss instance.
Likely Case
Degraded performance and intermittent service disruptions as memory consumption increases over time.
If Mitigated
Minimal impact with proper monitoring and resource limits in place, though risk remains until patched.
🎯 Exploit Status
Exploitation requires establishing many connections to the listener and holding them open so the leaked state accumulates; no authentication is needed. Because the traffic looks like ordinary idle clients, the attack is cheap for the attacker and, without connection or heap monitoring, gradual and quiet for the defender.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: JBoss EAP 7.2.4, Undertow 2.0.25.SP1, JBoss Remoting 5.0.14.SP1
Vendor Advisory: https://access.redhat.com/security/cve/cve-2019-19343
Restart Required: Yes
Instructions:
1. Apply the Red Hat cumulative patch that brings JBoss EAP to 7.2.4 or later (for zip installs, with the CLI patch apply command against the downloaded patch archive; for RPM installs, through yum/dnf from the EAP channel).
2. Update Undertow to 2.0.25.SP1 or later. The EAP patch carries the fixed module; only users of the Undertow artifact outside EAP update it directly.
3. Update JBoss Remoting to 5.0.14.SP1 or later, under the same rule as Undertow.
4. Restart all JBoss processes (standalone servers and, in domain mode, host controllers and their managed servers) so the patched modules are loaded.
🔧 Temporary Workarounds
Connection Timeout Configuration
Configure connection timeouts to limit how long an idle connection can stay open.
In the Undertow subsystem of standalone.xml or domain.xml, set no-request-timeout (milliseconds) on each http-listener and https-listener; EAP applies 60000 when it is unset, and read-timeout and write-timeout bound stalled reads and writes. This only shortens how long an attacker's idle connections survive, and so how fast the leak can be driven; it does not remove the leak.
Resource Limits
Implement memory and connection limits at the OS or container level.
Cap open file descriptors (and therefore sockets) for the user running JBoss with ulimit -n or the container's equivalent, and bound the JVM heap with -Xmx in the server's JAVA_OPTS so a leaking instance fails on its own rather than exhausting the host.
🧯 If You Can't Patch
- Implement network segmentation to restrict access to vulnerable JBoss instances
- Deploy monitoring with alerts for abnormal memory consumption patterns
🔍 How to Verify
Check if Vulnerable:
Read the installed version from $JBOSS_HOME/version.txt, or run $JBOSS_HOME/bin/standalone.sh --version (this starts a short-lived JVM to print it). Any EAP 7 version before 7.2.4 is vulnerable.
Check Version:
$JBOSS_HOME/bin/standalone.sh --version | grep 'JBoss EAP'
Verify Fix Applied:
Confirm the version is 7.2.4 or later. For zip installs, list the applied cumulative patch with $JBOSS_HOME/bin/jboss-cli.sh "patch info"; for RPM installs, run rpm -qa 'eap7-*' | grep -e undertow -e remoting and compare the package versions against the fixed Undertow and JBoss Remoting versions above.
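The checks above, as an added example rather than Red Hat tooling or anything from the advisory: a POSIX shell script that classifies an EAP version banner against the 7.2.4 threshold (with a numeric field-by-field compare, so 7.10.x is not mistaken for older than 7.2.x) and reports the no-request-timeout configured on each Undertow listener, the workaround setting described earlier. It assumes the layout EAP 7 ships ($JBOSS_HOME/version.txt, standalone/configuration/standalone.xml) and falls back to constructed sample data when JBOSS_HOME is not set.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling, not from the advisory): checks an EAP 7
# install against the 7.2.4 threshold and reports the idle timeout configured
# on each Undertow listener. Assumptions: $JBOSS_HOME/version.txt carries a
# "Version 7.x.y" banner as EAP 7 ships, and the listeners live in the undertow
# subsystem of standalone.xml.

# First dotted triple on a banner line, e.g. "7.2.4" from
# "Red Hat JBoss Enterprise Application Platform - Version 7.2.4.GA" or from the
# "JBoss EAP 7.2.4.GA (...)" line printed by standalone.sh --version. EAP's own
# version precedes the WildFly Core version in both, so the first match wins.
eap_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# Exit status 0 when dotted version $1 sorts before $2, comparing field by field
# numerically (a plain string compare would call 7.10.0 older than 7.9.0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Classify a version banner for this CVE: "vulnerable", "patched" (7.2.4 or
# later), "out-of-scope" (not an EAP 7 release) or "unknown" (no version found).
eap_status() {
    v=$(eap_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    case "$v" in
        7.*) ;;
        *)   echo out-of-scope; return 0 ;;
    esac
    if version_lt "$v" 7.2.4; then echo vulnerable; else echo patched; fi
}

# Read undertow subsystem XML on stdin; print "<listener-name> <no-request-timeout>"
# per http-/https-listener, "unset" when the attribute is absent (EAP then applies
# its 60000 ms default). Attributes may wrap across lines, so newlines are joined.
listener_timeouts() {
    tr -d '\n' | grep -o '<http[s]*-listener [^>]*>' | while read -r el; do
        name=$(printf '%s' "$el" | sed -n 's/.* name="\([^"]*\)".*/\1/p')
        t=$(printf '%s' "$el" | sed -n 's/.* no-request-timeout="\([^"]*\)".*/\1/p')
        printf '%s %s\n' "$name" "${t:-unset}"
    done
}

# Constructed sample config: one listener left at the default, one tightened to 30 s.
SAMPLE_XML='<subsystem xmlns="urn:jboss:domain:undertow:7.0">
  <server name="default-server">
    <http-listener name="default" socket-binding="http"
        redirect-socket="https" enable-http2="true"/>
    <https-listener name="https" socket-binding="https"
        security-realm="ApplicationRealm" no-request-timeout="30000"/>
  </server>
</subsystem>'

if [ -n "$JBOSS_HOME" ] && [ -r "$JBOSS_HOME/version.txt" ]; then
    echo "install: $(eap_status "$(head -n 1 "$JBOSS_HOME/version.txt")")"
    listener_timeouts < "$JBOSS_HOME/standalone/configuration/standalone.xml"
else
    # Constructed banner in the shape of the standalone.sh --version line.
    echo "sample banner: $(eap_status 'JBoss EAP 7.2.3.GA (WildFly Core 6.0.11.Final-redhat-00001)')"
    printf '%s\n' "$SAMPLE_XML" | listener_timeouts
fi
```

Run it with JBOSS_HOME exported on the host to check a real install; a "vulnerable" result, or any listener reported as "unset" while the instance remains unpatched, is the condition the workaround section is about. The version check is deliberately conservative: an EAP 6 banner is reported out-of-scope rather than "patched", since this CVE says nothing about that line.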
📡 Detection & Monitoring
Log Indicators:
- java.lang.OutOfMemoryError (Java heap space, or GC overhead limit exceeded) in server.log, typically preceded by GC logs in which each full collection leaves more heap occupied than the last
- Connection timeout errors reported by applications on the instance as heap pressure grows
Network Indicators:
- Unusually high number of persistent connections to JBoss ports
- Increased network traffic without corresponding application activity
SIEM Query:
source="*server.log" AND ("OutOfMemoryError" OR "memory leak" OR "connection timeout")
(EAP writes to server.log; adjust the source to the path your collector indexes.)
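The two indicator classes above turned into checks, as an added example that is not part of the advisory or any Red Hat signature: one function counts established connections per peer to the listener port from ss output and flags peers over a threshold, the other reads the heap occupancy that survives each Full GC from a GC log and reports when that floor keeps rising, which is the leak signature that precedes the OutOfMemoryError. It assumes port 8080 (EAP's default http socket binding), the column layout of "ss -tn state established", and JDK 8 style GC log lines; all sample data is constructed inline.

```shell
#!/bin/sh
# Added example, not from the advisory or Red Hat: checks over constructed
# sample data for the network and log indicators of this CVE. Assumptions:
# listener on 8080 (EAP's default http binding), ss(8) output in the
# "ss -tn state established" layout, JDK 8 style GC log lines (-XX:+PrintGCDetails).

# Count ESTABLISHED connections to local port $1 per remote address from
# "ss -tn state established" output on stdin; print "<peer> <count>" for every
# peer holding at least $2 connections. Works for v4 and bracketed v6 addresses.
peers_over_threshold() {
    awk -v port="$1" -v limit="$2" '
        NR > 1 {                      # skip the header line
            lp = $3; pa = $4
            sub(/.*:/, "", lp)        # local field -> port only
            sub(/:[0-9]+$/, "", pa)   # peer field -> address only (v4 or [v6])
            if (lp == port) n[pa]++
        }
        END { for (a in n) if (n[a] >= limit) print a, n[a] }' | LC_ALL=C sort
}

# From GC log lines on stdin, list the total heap (MB) still occupied after each
# Full GC, in order. Memory that no full collection reclaims is the leak floor.
full_gc_floor() {
    grep '\[Full GC' | sed -n 's/.*[0-9]M->\([0-9][0-9]*\)M([0-9]*M).*/\1/p'
}

# Exit 0 when the floor rose at every step across at least $1 Full GCs; fewer
# samples than $1 is "not enough evidence" and exits 1.
floor_rising() {
    awk -v min="$1" '
        NR > 1 && $1 <= prev { bad = 1 }
        { prev = $1 }
        END { exit (NR >= min && !bad) ? 0 : 1 }'
}

# Constructed ss output: one v4 peer holding four connections to 8080 (its SSH
# connection must not count), a v6-mapped peer holding three, a benign client.
SAMPLE_SS='Recv-Q Send-Q Local Address:Port          Peer Address:Port
0      0      10.0.0.5:8080              203.0.113.9:51234
0      0      10.0.0.5:8080              203.0.113.9:51235
0      0      10.0.0.5:8080              203.0.113.9:51236
0      0      10.0.0.5:8080              203.0.113.9:51237
0      0      10.0.0.5:8080              198.51.100.4:40001
0      0      10.0.0.5:22                203.0.113.9:50000
0      0      [::ffff:10.0.0.5]:8080     [::ffff:192.0.2.7]:3000
0      0      [::ffff:10.0.0.5]:8080     [::ffff:192.0.2.7]:3001
0      0      [::ffff:10.0.0.5]:8080     [::ffff:192.0.2.7]:3002'

# Constructed GC log: a young collection (ignored) and four Full GCs whose
# post-collection occupancy climbs 1200 -> 1450 -> 1700 -> 1900 MB of a 2048 MB heap.
SAMPLE_GC='2019-12-10T10:00:01.000+0000: 120.5: [GC (Allocation Failure) 900M->400M(2048M), 0.05 secs]
2019-12-10T10:05:01.000+0000: 420.5: [Full GC (Allocation Failure) 1500M->1200M(2048M), 2.10 secs]
2019-12-10T10:20:01.000+0000: 1320.5: [Full GC (Allocation Failure) 1800M->1450M(2048M), 2.40 secs]
2019-12-10T10:35:01.000+0000: 2220.5: [Full GC (Ergonomics) 1950M->1700M(2048M), 2.90 secs]
2019-12-10T10:50:01.000+0000: 3120.5: [Full GC (Allocation Failure) 2040M->1900M(2048M), 3.30 secs]'

echo "peers holding >= 3 established connections to 8080:"
printf '%s\n' "$SAMPLE_SS" | peers_over_threshold 8080 3
echo "heap surviving each Full GC (MB):"
printf '%s\n' "$SAMPLE_GC" | full_gc_floor | tr '\n' ' '; echo
if printf '%s\n' "$SAMPLE_GC" | full_gc_floor | floor_rising 3; then
    echo "ALERT: post-Full-GC occupancy rose at every step; treat as a leak until explained"
fi
```

On a live host the same functions read real data: ss -tn state established | peers_over_threshold 8080 50 (pick the threshold from your normal per-client connection count) and full_gc_floor < /path/to/gc.log | floor_rising 5. The rising-floor check is the earlier signal of the two; by the time OutOfMemoryError appears in server.log the instance is already failing.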
🔗 References
- https://bugzilla.redhat.com/show_bug.cgi?id=1780445
- https://issues.redhat.com/browse/JBEAP-16695
- https://security.netapp.com/advisory/ntap-20220211-0002/