CVE-2024-1635: Uncontrolled Resource Consumption
A vulnerability was found in Undertow. It affects servers that support the wildfly-http-client protocol. Whenever a malicious user opens a connection to the server's HTTP port and closes it immediately, the server will eventually exhaust both its memory and its open-file limit; how soon depends on the amount of memory available. During the HTTP upgrade to remoting, WriteTimeoutStreamSinkConduit leaks connections if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer wrapped around it, and the remoting connection is unaware of that outermost layer when it closes during the connection-opening procedure. Hence the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, which is added to the XNIO WorkerThread, the whole dependency tree leaks via that task: the WorkerThread points to the Undertow conduit, which in turn holds the connections, and that reference chain causes the leak.
AI Analysis
Technical Summary
CVE-2024-1635 is a vulnerability in Undertow 1.31.0 affecting servers that support the wildfly-http-client protocol. The issue arises during the HTTP upgrade to remoting, where the WriteTimeoutStreamSinkConduit component leaks connections if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener. Specifically, the remoting connection, which originates as part of the HTTP upgrade, has an external layer that is unaware of the connection closure during the opening procedure. Consequently, the WriteTimeoutStreamSinkConduit is not notified of the closure and continues to maintain a timeout task referencing the connection. This timeout task is added to the XNIO WorkerThread, causing the entire dependency tree, including the connection objects, to leak. When a malicious user repeatedly opens and immediately closes connections on the HTTP port, these leaked resources accumulate, eventually exhausting both memory and file descriptor limits on the server. This uncontrolled resource consumption leads to denial of service by making the server unresponsive or crashing it. The vulnerability does not impact confidentiality or integrity but severely affects availability. It requires no authentication or user interaction, making exploitation straightforward over the network. The CVSS 3.1 score of 7.5 reflects its high severity, primarily due to the ease of exploitation and the significant impact on availability. No known exploits are currently reported in the wild, but the vulnerability poses a serious risk to affected deployments.
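The reference chain described above, modelled as an added Python example (not Undertow's or XNIO's code): a timeout task queued on a worker closes over the outer conduit, which holds the connection; when only the inner connection is closed, the queued task keeps the whole chain alive, and when the outer layer is told of the close and drops its task, the objects are collected. The class names, the `notify_outer_layer` switch and the fd numbers are stand-ins chosen for the model.

```python
"""Model of the CVE-2024-1635 leak pattern (constructed illustration, not Undertow code).

The class names stand in for the components named in the advisory:
WorkerThread ~ XNIO WorkerThread, Connection ~ the upgraded remoting connection,
WriteTimeoutConduit ~ WriteTimeoutStreamSinkConduit. The inner/outer layering and
the "close without telling the outer layer" step are assumptions that keep the
model small.
"""
import gc
import weakref


class WorkerThread:
    """Holds scheduled timeout tasks, like the XNIO worker's task queue."""

    def __init__(self):
        self.pending_tasks = []

    def schedule(self, task):
        self.pending_tasks.append(task)
        return task

    def cancel(self, task):
        if task in self.pending_tasks:
            self.pending_tasks.remove(task)


class Connection:
    """The inner (remoting) connection; owns a file descriptor."""

    def __init__(self, fd):
        self.fd = fd
        self.closed = False

    def close(self):
        # The inner layer closes itself; it holds no reference to the outer conduit.
        self.closed = True


class WriteTimeoutConduit:
    """Outer layer wrapping the connection; schedules a write-timeout task."""

    def __init__(self, connection, worker):
        self.connection = connection
        self.worker = worker
        # The task closes over `self`, so while it sits in the worker's queue the
        # conduit, and through it the connection and its fd, stay reachable.
        self.timeout_task = worker.schedule(lambda: self.on_timeout())

    def on_timeout(self):
        self.connection.close()

    def close(self):
        # What a correct close must do: drop the task so nothing keeps us alive.
        self.worker.cancel(self.timeout_task)
        self.timeout_task = None
        self.connection.close()


def churn(n, notify_outer_layer):
    """Open and immediately close n connections; return (leaked connections, queued tasks)."""
    worker = WorkerThread()
    probes = []
    for i in range(n):
        conn = Connection(fd=1000 + i)          # constructed fd numbers
        conduit = WriteTimeoutConduit(conn, worker)
        probes.append(weakref.ref(conn))        # lets us check collection later
        if notify_outer_layer:
            conduit.close()                     # fixed behaviour: outer layer is told
        else:
            conn.close()                        # vulnerable: only the inner layer closes
        del conn, conduit
    gc.collect()
    leaked = sum(1 for p in probes if p() is not None)
    return leaked, len(worker.pending_tasks)


if __name__ == "__main__":
    print("vulnerable:", churn(1000, notify_outer_layer=False))  # (1000, 1000)
    print("fixed:     ", churn(1000, notify_outer_layer=True))   # (0, 0)
```

The point the model makes is that the leak is not in the connection object itself but in an unrelated owner, the worker's task queue, so a close path that does not cancel every scheduled task referencing the conduit leaves one live object per attacker connection, and the fd count and heap grow in step with the churn rate.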
Potential Impact
For European organizations, the primary impact of CVE-2024-1635 is a denial of service condition caused by resource exhaustion on servers running Undertow 1.31.0, particularly those using WildFly or similar Java middleware stacks that leverage the wildfly-http-client protocol. This can disrupt critical business applications, web services, and middleware-dependent infrastructure, leading to downtime and potential loss of productivity. Industries relying heavily on Java EE middleware, such as finance, telecommunications, and government services, may experience service interruptions. The vulnerability's ease of exploitation means attackers can cause outages without needing credentials or user interaction, increasing the risk of opportunistic attacks or targeted disruption. Additionally, the exhaustion of file descriptors can prevent new connections, compounding service unavailability. While no data confidentiality or integrity loss is expected, the availability impact can affect compliance with service-level agreements and regulatory requirements for uptime and resilience. Organizations with exposed HTTP ports running the vulnerable Undertow version are particularly at risk.
Mitigation Recommendations
1. Apply patches or updates from the Undertow project or your middleware vendor as soon as they become available to address the connection leak issue.
2. In the interim, implement network-level rate limiting or connection throttling on HTTP ports to reduce the risk of rapid open/close connection attacks.
3. Monitor server resource usage closely, including memory consumption and open file descriptors, to detect early signs of resource exhaustion.
4. Employ Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) capable of detecting and blocking suspicious connection patterns targeting the wildfly-http-client protocol.
5. Consider isolating or segmenting vulnerable services to limit exposure to untrusted networks.
6. Review and harden server configuration to minimize unnecessary HTTP upgrade usage or disable unused protocols if feasible.
7. Maintain an incident response plan to quickly recover from potential denial of service events caused by this vulnerability.
8. Engage with middleware vendors for guidance and support on secure configurations and updates.
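For recommendation 3, an added detector (example code, not from the advisory or any vendor) that runs over periodic resource samples and flags the signature this bug produces: open file descriptors climbing while the server's own active-connection count stays flat, plus fd usage approaching the process limit. The `Sample` fields, the thresholds and both sample series are constructed assumptions; in practice the fd count would come from counting entries in /proc/<pid>/fd and the limit from the process's RLIMIT_NOFILE.

```python
"""Leak-signature detector over periodic resource samples (constructed example).

Each Sample is what a collector could gather once a minute for the server
process: the number of entries in /proc/<pid>/fd, the process fd limit
(ulimit -n), resident memory, and the connection count the server itself
reports. The sample series below are constructed, not real measurements.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    ts: int            # seconds since monitoring started
    open_fds: int      # entries in /proc/<pid>/fd
    fd_limit: int      # soft limit on open files for the process
    rss_mb: int        # resident set size in MiB
    active_conns: int  # connections the server believes are open


def analyze(samples, window=3, fd_growth_threshold=100, usage_alert=0.8):
    """Return (ts, kind, value) alerts.

    Two signatures are checked:
    - open fds grow by at least fd_growth_threshold over `window` samples while
      the server's own active-connection count does not grow in step (leaked
      connections are closed from the server's point of view, their fds are not);
    - open fds reach usage_alert of the fd limit, i.e. exhaustion is near.
    The same growth check can be applied to rss_mb for the memory side.
    """
    alerts = []
    for i in range(window, len(samples)):
        cur, past = samples[i], samples[i - window]
        fd_growth = cur.open_fds - past.open_fds
        conn_growth = cur.active_conns - past.active_conns
        if fd_growth >= fd_growth_threshold and conn_growth < fd_growth // 2:
            alerts.append((cur.ts, "fd-growth-without-matching-connections", fd_growth))
        usage = cur.open_fds / cur.fd_limit
        if usage >= usage_alert:
            alerts.append((cur.ts, "fd-limit-approaching", round(usage, 2)))
    return alerts


# Constructed series: a server under rapid open/close churn; fds and memory climb
# while the server still reports only a handful of live connections.
LEAK_SERIES = [
    Sample(0,    200, 2048,  512, 5),
    Sample(60,   220, 2048,  520, 6),
    Sample(120,  260, 2048,  540, 5),
    Sample(180,  340, 2048,  580, 7),
    Sample(240,  460, 2048,  640, 6),
    Sample(300,  640, 2048,  730, 8),
    Sample(360,  900, 2048,  860, 7),
    Sample(420, 1250, 2048, 1040, 6),
    Sample(480, 1700, 2048, 1260, 8),
    Sample(540, 2000, 2048, 1410, 7),
]

# Constructed series: legitimate load; fds rise together with live connections.
HEALTHY_SERIES = [
    Sample(0,   200, 2048, 512,   5),
    Sample(60,  400, 2048, 560, 205),
    Sample(120, 600, 2048, 610, 405),
    Sample(180, 800, 2048, 660, 605),
]


if __name__ == "__main__":
    for ts, kind, value in analyze(LEAK_SERIES):
        print(f"t={ts:>4}s {kind}: {value}")
    print("healthy:", analyze(HEALTHY_SERIES))  # []
```

Comparing fd growth against the server's own connection count is what separates this leak from ordinary load: under legitimate traffic both numbers move together, whereas here the server reports the attacker's connections as closed while the descriptors and the heap they pin are still held by the worker's task queue. The usage check gives a second, independent warning before the process hits its limit and starts refusing all new connections.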
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2024-02-19T17:25:58.418Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983ec4522896dcbefa69
Added to database: 5/21/2025, 9:09:18 AM
Last enriched: 11/14/2025, 11:01:00 AM
Last updated: 12/1/2025, 6:28:01 PM