57 matches found
CVE-2022-2764
CVE-2022-2764 concerns Undertow. A DoS can occur because the Undertow server waits for LAST_CHUNK forever during EJB invocations, impacting availability (per CVSS vector: Network, Low access, High impact to availability). Public details in the provided documents specify the vulnerability as a DoS...
CVE-2022-21271
CVE-2022-21271 is a vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (Libraries). Affected versions are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The description states it is easily exploitable by an unauthenticated attacker ...
CVE-2022-21618
CVE-2022-21618 affects Oracle Java SE (JGSS, Security, JNDI, Lightweight HTTP Server, Networking) and Oracle GraalVM Enterprise Edition (versions affected: Oracle Java SE 17.0.4.1 and 19; GraalVM EE 21.3.3 and 22.2.0). The vulnerability allows unauthenticated network access via Kerberos (and othe...
CVE-2022-1319
CVE-2022-1319 affects Undertow (via JBoss EAP 7) where an AJP 400 response can trigger two response packets that carry the reuse flag, and the connection reuse logic reads the second SEND_HEADERS instead of CPONG after a CPING. This can lead to a vulnerability in scenarios where connections are r...
CVE-2022-39399
CVE-2022-39399 affects Oracle Java SE and GraalVM Enterprise Edition (Networking component). Affected versions: Oracle Java SE 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM EE 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data integrity, p...
CVE-2022-1259
CVE-2022-1259 is an Undertow-related denial-of-service issue. The root cause is an incomplete fix for CVE-2021-3629, causing potential DoS from HTTP/2 flow-control handling. Connected documents (Nessus plugin references and IBM/Red Hat advisories) confirm this in context of Undertow and note that...
CVE-2020-14664
CVE-2020-14664 affects Oracle Java SE (component: JavaFX ) with affected version Java SE 8u251 . The vulnerability is exploitable over the network and can be triggered by loading untrusted code in client-side Java deployments (Web Start/applets). It requires user interaction and could lead to tak...