Undertow@* Security Vulnerabilities and Issues — Undertow@* CVE List

Lucene search

RedhatUndertow*

8 matches found

CVE•added 2022/05/24 7:15 p.m.•259 views

CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and...

5.9CVSS6AI score0.00093EPSS

CVE•added 2022/08/23 4:15 p.m.•257 views

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

7.5CVSS7.1AI score0.00557EPSS

CVE•added 2022/08/26 4:15 p.m.•216 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

7.5CVSS7.1AI score0.00191EPSS

CVE•added 2022/05/24 7:15 p.m.•195 views

CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1...

5.9CVSS5.5AI score0.0017EPSS

CVE•added 2022/09/01 9:15 p.m.•193 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

4.9CVSS5.1AI score0.00105EPSS

CVE•added 2022/08/05 4:15 p.m.•183 views

CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (...

7.5CVSS7.2AI score0.00434EPSS

CVE•added 2022/08/31 4:15 p.m.•163 views

CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADE...

7.5CVSS7.3AI score0.002EPSS

CVE•added 2022/08/31 4:15 p.m.•131 views

CVE-2022-1259

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

7.5CVSS6.3AI score0.00151EPSS