Lucene search
RedhatCVELIST:CVE-2022-1319HistoryAug 31, 2022 - 12:00 a.m.
CVE-2022-1319
2022-08-3100:00:00
CWE-252
redhat
www.cve.org
undertow
eap 7
ajp 400
connection
reuse flag
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
CNA Affected
[
{
"vendor": "n/a",
"product": "undertow",
"versions": [
{
"version": "Fixed in 2.3.0.Final, 2.2.18.Final, 2.2.17.SP3, 2.2.17.SP4, 2.3.0.Alpha2",
"status": "affected"
}
]
}
]References
access.redhat.com/security/cve/CVE-2022-1319
bugzilla.redhat.com/show_bug.cgi?id=2073890
github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
issues.redhat.com/browse/UNDERTOW-2060
security.netapp.com/advisory/ntap-20221014-0006/
Related
prion
prion
Design/Logic Flaw
2022-08-31 16:15:00
osv
osv
CVE-2022-1319
2022-08-31 16:15:09
veracode
veracode
Denial Of Service (DoS)
2022-06-21 23:47:11
cve
cve
CVE-2022-1319
2022-08-31 16:15:09
nvd
nvd
CVE-2022-1319
2022-08-31 16:15:09
redhatcve
redhatcve
CVE-2022-1319
2022-04-12 07:22:46
debiancve
debiancve
CVE-2022-1319
2022-08-31 16:15:09
ubuntucve
ubuntucve
CVE-2022-1319
2022-08-31 00:00:00
openvas
openvas
osTicket < 1.16.6, 1.17.x < 1.17.3 Multiple XSS Vulnerabilities
2023-03-14 00:00:00
redhat
redhat
(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update
2022-12-14 13:14:18
(RHSA-2022:7417) Moderate: Red Hat Single Sign-On 7.6.1 security update
2022-11-03 15:13:15
nessus
nessus
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00