Описание
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Отчет
Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Quarkus | undertow | Not affected | ||
| Red Hat Decision Manager 7 | undertow | Not affected | ||
| Red Hat Integration Camel K 1 | undertow | Not affected | ||
| Red Hat Integration Camel Quarkus 1 | undertow | Not affected | ||
| Red Hat Integration Service Registry | undertow | Not affected | ||
| Red Hat JBoss Data Grid 7 | undertow | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | undertow | Not affected | ||
| Red Hat JBoss Fuse 6 | undertow | Out of support scope | ||
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
A flaw was found in Undertow that tripped the client-side invocation t ...
Undertow vulnerable to Denial of Service (DoS) attacks
EPSS
7.5 High
CVSS3