Published: 31/08/2022 Updated: 07/11/2022

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat single sign-on 7.0
redhat openshift application runtimes -
redhat undertow 2.3.0
redhat undertow 2.2.19
redhat undertow 2.2.17
redhat undertow
netapp oncommand workflow automation -
netapp oncommand insight -
netapp active iq unified manager -
netapp cloud secure agent -

Debian Bug report logs - #1016448 undertow: CVE-2022-1319 CVE-2021-3629 Package: src:undertow; Maintainer for src:undertow is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 31 Jul 2022 19:39:02 UTC Severity: grave Tags: security, ups ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 745 security update Type/Severity Security Advisory: Moderate Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 745 security update on RHEL 8 Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application P ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 745 security update on RHEL 7 Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application P ...

Synopsis Moderate: Red Hat support for Spring Boot 272 update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Application Runtimes Description Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths an ...

Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...

CWE-252 https://issues.redhat.com/browse/UNDERTOW-2060 https://access.redhat.com/security/cve/CVE-2022-1319 https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3 https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b https://bugzilla.redhat.com/show_bug.cgi?id=2073890 https://security.netapp.com/advisory/ntap-20221014-0006/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448 https://nvd.nist.gov

CVE-2022-1319

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect