CVE-2021-3629

Опубликовано: 29 мар. 2021

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Quarkus	undertow	Not affected
Red Hat Decision Manager 7	undertow	Not affected
Red Hat Integration Camel K 1	undertow	Affected
Red Hat Integration Service Registry	undertow	Not affected
Red Hat JBoss Data Grid 7	undertow	Out of support scope
Red Hat JBoss Fuse 6	undertow	Out of support scope
Red Hat OpenShift Application Runtimes	undertow	Out of support scope
Red Hat OpenStack Platform 13 (Queens)	opendaylight	Out of support scope
Red Hat Process Automation 7	undertow	Not affected
Red Hat support for Spring Boot	undertow	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1977362undertow: potential security issue in flow control over HTTP/2 may lead to DOS

EPSS

Процентиль: 57%

0.00358

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2021-3629

CVSS3: 5.9

ubuntu

больше 3 лет назад

CVE-2021-3629

CVSS3: 5.9

nvd

больше 3 лет назад

CVE-2021-3629

CVSS3: 5.9

debian

больше 3 лет назад

A flaw was found in Undertow. A potential security issue in flow contr ...

GHSA-rf6q-vx79-mjxr

CVSS3: 7.5

github

больше 3 лет назад

Undertow Uncontrolled Resource Consumption

EPSS

Процентиль: 57%

0.00358

Низкий

5.9 Medium

CVSS3