Lucene search
PRIOn knowledge basePRION:CVE-2022-1319HistoryAug 31, 2022 - 4:15 p.m.
Design/Logic Flaw
2022-08-3116:15:00
PRIOn knowledge base
www.prio-n.com
2
undertow
ajp 400
eap 7
logic flaw
connection closure
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
| CPE | Name | Operator | Version |
|---|---|---|---|
| single_sign-on | eq | 7.0 | |
| undertow | eq | 2.3.0 alpha1 | |
| undertow | eq | 2.2.19 sp1 | |
| undertow | eq | 2.2.19 | |
| undertow | eq | 2.2.17 | |
| undertow | eq | 2.2.17 sp1 | |
| undertow | eq | 2.2.17 sp2 | |
| undertow | lt | 2.2.17 |
References
access.redhat.com/security/cve/CVE-2022-1319
bugzilla.redhat.com/show_bug.cgi?id=2073890
github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
issues.redhat.com/browse/UNDERTOW-2060
security.netapp.com/advisory/ntap-20221014-0006/
Related
osv
osv
CVE-2022-1319
2022-08-31 16:15:09
cvelist
cvelist
CVE-2022-1319
2022-08-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-06-21 23:47:11
cve
cve
CVE-2022-1319
2022-08-31 16:15:09
nvd
nvd
CVE-2022-1319
2022-08-31 16:15:09
redhatcve
redhatcve
CVE-2022-1319
2022-04-12 07:22:46
debiancve
debiancve
CVE-2022-1319
2022-08-31 16:15:09
ubuntucve
ubuntucve
CVE-2022-1319
2022-08-31 00:00:00
openvas
openvas
osTicket < 1.16.6, 1.17.x < 1.17.3 Multiple XSS Vulnerabilities
2023-03-14 00:00:00
redhat
redhat
(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update
2022-12-14 13:14:18
(RHSA-2022:7417) Moderate: Red Hat Single Sign-On 7.6.1 security update
2022-11-03 15:13:15
nessus
nessus
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00