Undertow@2.3.0 Security Vulnerabilities and Issues — Undertow@2.3.0 CVE List

Lucene search

RedhatUndertow2.3.0

3 matches found

CVE•added 2022/09/01 9:15 p.m.•192 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

4.9CVSS5.1AI score0.00105EPSS

CVE•added 2022/08/05 4:15 p.m.•182 views

CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (...

7.5CVSS7.2AI score0.00434EPSS

CVE•added 2022/08/31 4:15 p.m.•163 views

CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADE...

7.5CVSS7.3AI score0.002EPSS