CVE-2024-1635: A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user o...

Description

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

4.57%

90.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Netapp	Active Iq Unified Manager	All versions
Netapp	Oncommand Workflow Automation	All versions
Redhat	Fuse	1.0
Redhat	Integration Camel For Spring Boot	All versions
Redhat	Jboss Enterprise Application Platform	7.4
Redhat	Openshift Container Platform	4.11
Redhat	Openshift Container Platform	4.12
Redhat	Openshift Container Platform For Linuxone	4.9
Redhat	Openshift Container Platform For Linuxone	4.10
Redhat	Openshift Container Platform For Power	4.9
Redhat	Openshift Container Platform For Power	4.10
Redhat	Single Sign-On	All versions
Redhat	Single Sign-On	7.6

References

https://access.redhat.com/errata/RHSA-2024:1674Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1675Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1676Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1677Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1860Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1861Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1862Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1864Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1866Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3354Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4884Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4226Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:9583
https://access.redhat.com/security/cve/CVE-2024-1635Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2264928Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1674Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1675Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1676Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1677Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1860Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1861Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1862Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1864Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1866Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-1635Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2264928Third Party Advisory
https://security.netapp.com/advisory/ntap-20240322-0007/Vendor Advisory

Timeline

Published: Feb 19, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-1635?

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.

How severe is CVE-2024-1635?

CVE-2024-1635 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 4.57% probability of exploitation in the next 30 days.

How do I fix CVE-2024-1635?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.