← Back

CVE-2022-1259

nvd nist
Published: Aug 31, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

Affected (14)

Redhat
6 products
Build Of Quarkus
Integration Camel K
Jboss Enterprise Application Platform
Openshift Application Runtimes
Single Sign On
Undertow
Netapp
4 products
Active Iq Unified Manager
Cloud Secure Agent
Oncommand Insight
Oncommand Workflow Automation
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Build Of Quarkus
All versions
Integration Camel K
All versions
Jboss Enterprise Application Platform
Version 7.0.0
Openshift Application Runtimes
All versions
Single Sign On
Version 7.0
Redhat
Undertow
Up to 2.2.17
Undertow
Version 2.2.18
Undertow
Version 2.2.19
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Cloud Secure Agent
All versions
Oncommand Insight
All versions
Oncommand Workflow Automation
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue TrackingVendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.