Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1319

Опубликовано: 31 авг. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия до 2.2.17 (исключая)
cpe:2.3:a:redhat:undertow:2.2.17:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.3.0:alpha1:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01024
Низкий

7.5 High

CVSS3

Дефекты

CWE-252
CWE-252

Связанные уязвимости

ubuntu логотип

CVE-2022-1319

CVSS3: 7.5
ubuntu
больше 3 лет назад

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

redhat логотип

CVE-2022-1319

CVSS3: 7.5
redhat
почти 4 года назад

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

debian логотип

CVE-2022-1319

CVSS3: 7.5
debian
больше 3 лет назад

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improp ...

github логотип

GHSA-5r46-q4x7-6fx6

CVSS3: 7.5
github
больше 3 лет назад

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

EPSS

Процентиль: 77%
0.01024
Низкий

7.5 High

CVSS3

Дефекты

CWE-252
CWE-252