Lucene search

Veracode Vulnerability DatabaseVERACODE:25387

HistoryMay 13, 2020 - 3:23 a.m.

Denial Of Service (DoS)

2020-05-1303:23:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

undertow is vulnerable to denial of service (DoS). The vulnerability exists due a memory exhaustion issue in HttpReadListener via “Expect: 100-continue” header.

CPENameOperatorVersion
eap7-hibernate-searcheq5.5.8__1.Final_redhat_1.1.ep7.el6
eap7-hibernate-searcheq5.10.3__1.Final_redhat_00001.1.el6eap
eap7-hibernate-searcheq5.10.3__1.Final_redhat_00001.1.el7eap
eap7-hibernate-searcheq5.5.2__1.Final_redhat_1.1.ep7.el7
eap7-hibernate-searcheq5.10.3__1.Final_redhat_00001.1.el8eap
eap7-hibernate-searcheq5.5.2__1.Final_redhat_1.1.ep7.el6
eap7-hibernate-searcheq5.5.8__1.Final_redhat_1.1.ep7.el7
eap7-hal-consoleeq3.0.11__1.Final_redhat_00001.1.el7eap
eap7-hal-consoleeq3.0.19__1.Final_redhat_00001.1.el6eap
eap7-hal-consoleeq3.0.17__2.Final_redhat_00001.1.el7eap

Name	Operator	Version
eap7-hibernate-search	eq	5.5.8__1.Final_redhat_1.1.ep7.el6
eap7-hibernate-search	eq	5.10.3__1.Final_redhat_00001.1.el6eap
eap7-hibernate-search	eq	5.10.3__1.Final_redhat_00001.1.el7eap
eap7-hibernate-search	eq	5.5.2__1.Final_redhat_1.1.ep7.el7
eap7-hibernate-search	eq	5.10.3__1.Final_redhat_00001.1.el8eap
eap7-hibernate-search	eq	5.5.2__1.Final_redhat_1.1.ep7.el6
eap7-hibernate-search	eq	5.5.8__1.Final_redhat_1.1.ep7.el7
eap7-hal-console	eq	3.0.11__1.Final_redhat_00001.1.el7eap
eap7-hal-console	eq	3.0.19__1.Final_redhat_00001.1.el6eap
eap7-hal-console	eq	3.0.17__2.Final_redhat_00001.1.el7eap

Rows per page:

1-10 of 19681

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:2060

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1803241

issues.redhat.com/browse/JBEAP-18071

issues.redhat.com/browse/JBEAP-18267

issues.redhat.com/browse/JBEAP-18278

issues.redhat.com/browse/JBEAP-18423

issues.redhat.com/browse/JBEAP-18438

issues.redhat.com/browse/JBEAP-18503

issues.redhat.com/browse/JBEAP-18506

issues.redhat.com/browse/JBEAP-18536

issues.redhat.com/browse/JBEAP-18595

issues.redhat.com/browse/JBEAP-18616

issues.redhat.com/browse/JBEAP-18628

issues.redhat.com/browse/JBEAP-18631

issues.redhat.com/browse/JBEAP-18639

issues.redhat.com/browse/JBEAP-18646

issues.redhat.com/browse/JBEAP-18652

issues.redhat.com/browse/JBEAP-18664

issues.redhat.com/browse/JBEAP-18724

issues.redhat.com/browse/JBEAP-18729

issues.redhat.com/browse/JBEAP-18787

issues.redhat.com/browse/JBEAP-18789

issues.redhat.com/browse/JBEAP-18817

issues.redhat.com/browse/JBEAP-18827

issues.redhat.com/browse/JBEAP-18835

issues.redhat.com/browse/JBEAP-18885

issues.redhat.com/browse/JBEAP-18887

issues.redhat.com/browse/JBEAP-18931

issues.redhat.com/browse/JBEAP-18988

issues.redhat.com/browse/JBEAP-18989

issues.redhat.com/browse/JBEAP-19233

issues.redhat.com/browse/JBEAP-19234

security.netapp.com/advisory/ntap-20220210-0014/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:25387