CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
47.2%
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | fuse | 1.0 | cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* |
redhat | integration_camel_k | - | cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* |
redhat | integration_camel_quarkus | - | cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | - | cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* |
redhat | openshift_application_runtimes | - | cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* |
redhat | single_sign-on | - | cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* |
redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 7.3 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:* |
redhat | enterprise_linux | 6.0 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |