A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HNetapp Cloud Secure Agent
APPNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeRed Hat Jboss Enterprise Application Platform
APPRedhat7.37.4Red Hat Single Sign On
APPRedhat7.4.107.5.1Red Hat Undertow
APPRedhat< 2.2.15
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
Referencje
Powiązane podatności
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
CVE-2016-8735CRITICAL9.8⚠ KEVten sam produkt
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....
CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...
CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt
Brak walidacji nagłówka Host w serwerze Undertow HTTP