exploitDog

CVE-2022-1319

Published: 11 Apr 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
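
The failure described above can be reproduced on paper by framing the backend's bytes as AJP13 packets and modelling what a proxy reads after it pools the connection and sends CPING. This is an added example, not code from Red Hat or Undertow: the sample packets are constructed and simplified, the function names are hypothetical, and the prefix codes (4 SEND_HEADERS, 5 END_RESPONSE, 9 CPONG) and the "AB" framing are those of the AJP13 protocol.

```python
import struct

# AJP13 container-to-proxy prefix codes and the framing used in that direction.
SEND_HEADERS, END_RESPONSE, CPONG = 4, 5, 9
NAMES = {3: "SEND_BODY_CHUNK", 4: "SEND_HEADERS", 5: "END_RESPONSE", 9: "CPONG"}

def frame(payload: bytes) -> bytes:
    """'AB' magic, 2-byte big-endian payload length, then the payload."""
    return b"AB" + struct.pack(">H", len(payload)) + payload

def parse(stream: bytes) -> list:
    """Split a container-to-proxy byte stream into (prefix_code, body) pairs."""
    packets, off = [], 0
    while off < len(stream):
        if stream[off:off + 2] != b"AB" or len(stream) < off + 4:
            raise ValueError(f"bad AJP header at offset {off}")
        (size,) = struct.unpack(">H", stream[off + 2:off + 4])
        payload = stream[off + 4:off + 4 + size]
        if size == 0 or len(payload) != size:
            raise ValueError(f"truncated AJP packet at offset {off}")
        packets.append((payload[0], payload[1:]))
        off += 4 + size
    return packets

def probe_after_response(stream: bytes) -> dict:
    """Model the proxy: read one response, pool the connection, then CPING it."""
    packets = parse(stream)
    end = next(i for i, (code, _) in enumerate(packets) if code == END_RESPONSE)
    reuse = packets[end][1][:1] == b"\x01"   # END_RESPONSE body is the reuse flag
    unread = packets[end + 1:]               # what the CPING reply read will see
    seen = NAMES.get(unread[0][0], "UNKNOWN") if unread else None
    return {"reuse": reuse, "cping_reads": seen, "healthy": reuse and seen == "CPONG"}

# Constructed sample packets (simplified: a 400 status line with no headers).
msg = b"Bad Request"
HEADERS_400 = frame(struct.pack(">BHH", SEND_HEADERS, 400, len(msg)) + msg + b"\x00"
                    + struct.pack(">H", 0))
END_REUSE = frame(bytes([END_RESPONSE, 1]))
CPONG_PKT = frame(bytes([CPONG]))

EXPECTED = HEADERS_400 + END_REUSE + CPONG_PKT               # one response, then CPONG
DOUBLED = HEADERS_400 + END_REUSE + HEADERS_400 + END_REUSE  # as the advisory describes

if __name__ == "__main__":
    for label, stream in (("expected", EXPECTED), ("doubled", DOUBLED)):
        print(label, probe_after_response(stream))
```

The same check applied to a packet capture of the proxy-to-backend AJP connection shows whether a backend is emitting the second SEND_HEADERS packet after a 400.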

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Apicurio Registry 2 | undertow | Not affected | | |
| Red Hat build of Quarkus | undertow | Out of support scope | | |
| Red Hat Decision Manager 7 | undertow | Not affected | | |
| Red Hat Integration Camel K 1 | undertow | Not affected | | |
| Red Hat Integration Camel Quarkus 1 | undertow | Not affected | | |
| Red Hat Integration Service Registry | undertow | Out of support scope | | |
| Red Hat JBoss Data Grid 7 | undertow | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | undertow | Will not fix | | |
| Red Hat JBoss Fuse 6 | undertow | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-252
https://bugzilla.redhat.com/show_bug.cgi?id=2073890 undertow: Double AJP response for 400 from EAP 7 results in CPING failures

EPSS

Percentile: 77%
0.01024
Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

CVSS3: 7.5
nvd
more than 3 years ago

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

CVSS3: 7.5
debian
more than 3 years ago

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improp ...

CVSS3: 7.5
github
more than 3 years ago

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
