CVE-2022-1259

Опубликовано: 06 апр. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.

Отчет

This flaw occurs because of an incomplete fix for CVE-2021-3629.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Quarkus	undertow	Will not fix
Red Hat Decision Manager 7	undertow	Not affected
Red Hat Integration Camel K 1	undertow	Fix deferred
Red Hat Integration Camel Quarkus 1	undertow	Fix deferred
Red Hat Integration Service Registry	undertow	Fix deferred
Red Hat JBoss Data Grid 7	undertow	Out of support scope
Red Hat JBoss Enterprise Application Platform Expansion Pack	undertow	Not affected
Red Hat JBoss Fuse 6	undertow	Out of support scope
Red Hat OpenStack Platform 13 (Queens)	opendaylight	Out of support scope
Red Hat Process Automation 7	undertow	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400->CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=2072339undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

EPSS

Процентиль: 47%

0.0024

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-1259

CVSS3: 7.5

ubuntu

больше 3 лет назад

CVE-2022-1259

CVSS3: 7.5

nvd

больше 3 лет назад

CVE-2022-1259

CVSS3: 7.5

debian

больше 3 лет назад

A flaw was found in Undertow. A potential security issue in flow contr ...

GHSA-5837-3xvj-5g8r

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 47%

0.0024

Низкий

7.5 High

CVSS3