According to sonatype-2021-0864, WildFly Elytron is vulnerable to Uncontrolled Resource Consumption. The openConnection method in OAuth2IntrospectValidator.class does not allow a connection or read timeout to be set for introspection of the token. An attacker can exploit this by attempting to perpetually hold a connection open, tying up server resources and resulting in a Denial of Service (DoS) condition.
- Red Hat JBoss Enterprise Application Platform (EAP)
- 7.4.0 GA
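The following is an added illustration of the weakness described above and its mitigation; it is not code from WildFly Elytron. The class name `IntrospectionClient`, the method names and the timeout values are assumptions; the endpoint URL is a placeholder the caller supplies.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/** Hypothetical client contrasting an unbounded introspection connection with a bounded one. */
public class IntrospectionClient {

    // Weak pattern from the advisory: openConnection with no connect or read timeout.
    // A slow or unresponsive introspection endpoint holds the calling thread indefinitely.
    static HttpURLConnection openWithoutTimeouts(URL endpoint) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) endpoint.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        return conn;
    }

    // Hardened version: both phases of the exchange are bounded.
    static HttpURLConnection openWithTimeouts(URL endpoint, int connectMillis, int readMillis)
            throws IOException {
        HttpURLConnection conn = (HttpURLConnection) endpoint.openConnection();
        conn.setConnectTimeout(connectMillis); // max time to establish the TCP connection
        conn.setReadTimeout(readMillis);       // max time to wait on each read of the response
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        return conn;
    }

    /** Sends an RFC 7662 introspection request; a stalled endpoint now fails fast instead of hanging. */
    static String introspect(URL endpoint, String token) throws IOException {
        HttpURLConnection conn = openWithTimeouts(endpoint, 3_000, 5_000); // assumed values
        String form = "token=" + URLEncoder.encode(token, StandardCharsets.UTF_8);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(form.getBytes(StandardCharsets.UTF_8));
        }
        try (InputStream in = conn.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        } catch (SocketTimeoutException e) {
            // A timed-out introspection is treated as a failed validation; the thread is released.
            throw new IOException("introspection timed out; rejecting token", e);
        } finally {
            conn.disconnect();
        }
    }
}
```

Whether the limit is hit while connecting or mid-response, the worker thread returns to the pool and the token is rejected rather than the request being held open.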