CVE-2022-1319
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.4%
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
| redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
| redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
| redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
| redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "undertow",
"versions": [
{
"version": "Fixed in 2.3.0.Final, 2.2.18.Final, 2.2.17.SP3, 2.2.17.SP4, 2.3.0.Alpha2",
"status": "affected"
}
]
}
]References
access.redhat.com/security/cve/CVE-2022-1319
bugzilla.redhat.com/show_bug.cgi?id=2073890
github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
issues.redhat.com/browse/UNDERTOW-2060
security.netapp.com/advisory/ntap-20221014-0006/
Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.4%