Lucene search

K
nvd[email protected]NVD:CVE-2021-3690
HistoryAug 23, 2022 - 4:15 p.m.

CVE-2021-3690

2022-08-2316:15:09
CWE-401
CWE-400
web.nvd.nist.gov
9
undertow websocket pong denial-of-service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.2%

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

Affected configurations

Nvd
Node
redhatfuseMatch1.0
OR
redhatintegration_camel_kMatch-
OR
redhatintegration_camel_quarkusMatch-
OR
redhatjboss_enterprise_application_platformMatch-text-only
OR
redhatopenshift_application_runtimesMatch-text-only
OR
redhatsingle_sign-onMatch-text-only
OR
redhatundertowRange<2.0.40
OR
redhatundertowRange2.1.02.2.10
Node
redhatjboss_enterprise_application_platformMatch7.3
AND
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch8.0
Node
redhatjboss_enterprise_application_platformMatch7.4
AND
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch8.0
VendorProductVersionCPE
redhatfuse1.0cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
redhatintegration_camel_k-cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
redhatintegration_camel_quarkus-cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
redhatjboss_enterprise_application_platform-cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
redhatopenshift_application_runtimes-cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
redhatsingle_sign-on-cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
redhatundertow*cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
redhatjboss_enterprise_application_platform7.3cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 121

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.2%