Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3629

Опубликовано: 24 мая 2022
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:integration:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия до 2.0.40 (исключая)
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия от 2.2.0 (включая) до 2.2.11 (исключая)
cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*
Версия до 17.0 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%
0.00358
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400
CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2021-3629

CVSS3: 5.9
ubuntu
больше 3 лет назад

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

redhat логотип

CVE-2021-3629

CVSS3: 5.9
redhat
почти 5 лет назад

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

debian логотип

CVE-2021-3629

CVSS3: 5.9
debian
больше 3 лет назад

A flaw was found in Undertow. A potential security issue in flow contr ...

github логотип

GHSA-rf6q-vx79-mjxr

CVSS3: 7.5
github
больше 3 лет назад

Undertow Uncontrolled Resource Consumption

EPSS

Процентиль: 57%
0.00358
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400
CWE-400