CVE-2021-3597

EPSS 0.17%
Veröffentlicht 24.05.2022 19:15:09
Zuletzt bearbeitet 21.11.2024 06:21:56
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Fuse Version1.0

Redhat ≫ Jboss Enterprise Application Platform Version- SwEditiontext-only

Redhat ≫ Openshift Application Runtimes Version- SwEditiontext-only

Redhat ≫ Single Sign-on Version- SwEditiontext-only

Redhat ≫ Undertow Version < 2.0.35

Redhat ≫ Undertow Version >= 2.2.0 < 2.2.6

Redhat ≫ Undertow Version2.0.35 Update-

Redhat ≫ Undertow Version2.0.36 Update-

Redhat ≫ Undertow Version2.0.39 Update-

Redhat ≫ Undertow Version2.2.6 Update-

Redhat ≫ Undertow Version2.2.7 Update-

Redhat ≫ Undertow Version2.2.9 Update-

Redhat ≫ Jboss Enterprise Application Platform Version7.3

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Jboss Enterprise Application Platform Version7.4

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Workflow Automation Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.392

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://bugzilla.redhat.com/show_bug.cgi?id=1970930

Third Party Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20220804-0003/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3597

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3597

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3597

EUVD