CVE-2022-2764: A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

medium4.9CVSS 3.1

AVNACLPRHUINSUCNINAH

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

8 ranges

Vendor	Product	Version range	Fixed in
debian	undertow	< undertow 2.2.21-1 (forky)	undertow 2.2.21-1 (forky)
redhat	jboss_enterprise_application_platform	—	—
redhat	jboss_fuse	—	—
redhat	single_sign-on	—	—
redhat	undertow	—	—
redhat	undertow	—	—
redhat	undertow	>= 0 < 2.2.21-1	2.2.21-1
redhat	undertow	2.0.0 – 2.2.19	—

nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

osv4.9MEDIUM