7.5

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.29% 0.665
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-214 Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://access.redhat.com/security/cve/CVE-2021-3859
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2010378
Vendor Advisory
Issue Tracking
https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
Patch
Third Party Advisory
https://github.com/undertow-io/undertow/pull/1296
Third Party Advisory
https://issues.redhat.com/browse/UNDERTOW-1979
Patch
Vendor Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20221201-0004/
Third Party Advisory