Description
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
References
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Issue Tracking, Patch, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version before 2.2.15 (excluding)
One of
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
EPSS
Percentile: 54%
0.00309
Low
7.5 High
CVSS3
Weaknesses
CWE-214
CWE-668
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 3 years ago
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
CVSS3: 7.5
redhat
about 4 years ago
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
CVSS3: 7.5
debian
more than 3 years ago
A flaw was found in Undertow that tripped the client-side invocation t ...
CVSS3: 7.5
github
more than 3 years ago
Undertow vulnerable to Denial of Service (DoS) attacks