Description
Undertow vulnerable to Denial of Service (DoS) attacks
In Undertow versions earlier than 2.2.15 Final, the client-side invocation timeout is raised when calling over HTTP2. This vulnerability can allow an attacker to carry out denial of service (DoS) attacks.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-3859
- https://github.com/undertow-io/undertow/pull/1296
- https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
- https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
- https://access.redhat.com/security/cve/cve-2021-3859
- https://bugzilla.redhat.com/show_bug.cgi?id=2010378
- https://issues.redhat.com/browse/UNDERTOW-1979
- https://security.netapp.com/advisory/ntap-20221201-0004
Packages
- io.undertow:undertow-core: affected versions < 2.2.15, fixed in 2.2.15
Related vulnerabilities
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
A flaw was found in Undertow that tripped the client-side invocation t ...