CVE-2020-27782

Published: Feb 23, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

Affected (6)

Products: Redhat: Jboss Fuse, Openshift Application Runtimes, Undertow

Redhat

3 products

Jboss Fuse

Openshift Application Runtimes

Undertow

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Fuse	Version 6.0.0
Redhat Jboss Fuse	Version 7.0.0
Redhat Openshift Application Runtimes	All versions
Redhat Undertow	Version 2.0.33 sp2
Redhat Undertow	Version 2.1.5 sp1
Redhat Undertow	Version 2.2.3 sp1

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1901304

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1901304

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.