Published: 26/08/2022 Updated: 13/12/2022

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Subscribe to Jboss Enterprise Application Platform

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an malicious user to carry out denial of service attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat jboss enterprise application platform 7.3
redhat jboss enterprise application platform 7.4
redhat undertow
redhat single sign-on 7.5.1
redhat single sign-on 7.4.10
netapp oncommand workflow automation -
netapp oncommand insight -
netapp cloud secure agent -

Debian Bug report logs - #1015983 undertow: CVE-2021-3859 Package: src:undertow; Maintainer for src:undertow is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 24 Jul 2022 18:48:01 UTC Severity: grave Tags: security Reply or sub ...

Synopsis Important: Red Hat support for Spring Boot 2510 update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...

Synopsis Important: Red Hat Single Sign-On 7410 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 74 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 743 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 743 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scorin ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 73 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 7 ...

Synopsis Important: Red Hat Single Sign-On 7410 on OpenJ9 for OpenShift image security update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 7410 on OpenJ9, running on OpenShift Container Platform 310 and 311, and 43 Description Red Hat Single Sign-On is an integrated sign-on sol ...

Synopsis Important: Red Hat Single Sign-On 751 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 75 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 73 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 73Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...

Synopsis Important: Red Hat Single Sign-On 751 for OpenShift image security and enhancement update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 751, running on OpenShift Container Platform 310 and 311, and 49Red Hat Product Security has rated this update as having a security impa ...

Synopsis Important: Red Hat Single Sign-On 7410 on OpenJDK for OpenShift image security update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 7410 on OpenJDK, running on OpenShift Container Platform 310 and 311, and 43 Description Red Hat Single Sign-On is an integrated sign-on s ...

Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...

Synopsis Important: Red Hat Single Sign-On 751 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 751 packages are now available for Red Hat Enterprise Linux 7Red Hat ...

Synopsis Important: Red Hat Single Sign-On 751 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 751 packages are now available for Red Hat Enterprise Linux 8Red Hat ...

CWE-214 https://issues.redhat.com/browse/UNDERTOW-1979 https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2 https://bugzilla.redhat.com/show_bug.cgi?id=2010378 https://access.redhat.com/security/cve/CVE-2021-3859 https://github.com/undertow-io/undertow/pull/1296 https://security.netapp.com/advisory/ntap-20221201-0004/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983 https://nvd.nist.gov

Get Started

CVE-2021-3859

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect