CVE-2022-2764
- EPSS 0.79%
- Veröffentlicht 01.09.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 07:01:39
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
CVE-2022-1319
- EPSS 1.26%
- Veröffentlicht 31.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:40:28
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400...
CVE-2022-1259
- EPSS 1.07%
- Veröffentlicht 31.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:40:21
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
CVE-2021-3859
- EPSS 1.29%
- Veröffentlicht 26.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:40
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
CVE-2021-3690
- EPSS 1.38%
- Veröffentlicht 23.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:09
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
CVE-2022-2053
- EPSS 0.87%
- Veröffentlicht 05.08.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 07:00:14
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in th...
CVE-2021-3629
- EPSS 1.18%
- Veröffentlicht 24.05.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:01
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw af...
CVE-2021-3597
- EPSS 1.06%
- Veröffentlicht 24.05.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:56
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2...
CVE-2019-19343
- EPSS 1.63%
- Veröffentlicht 23.03.2021 21:15:13
- Zuletzt bearbeitet 21.11.2024 04:34:36
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1...
CVE-2020-27782
- EPSS 1.27%
- Veröffentlicht 23.02.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:21:49
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vul...