CVE-2022-2764

Severity: 4.9 MEDIUM
EPSS: 0.3% (top 42.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Sep 1
Latest update: Sep 2

Description

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (6 packages)

Debian: undertow < 2.2.21-1
NVD: redhat/undertow 2.0.0 2.2.19+1
CVEListV5: undertow undertow 2.x

Vulnerability Details (3)

GHSA
GHSA-xpxq-cp94-87j2: A flaw was found in Undertow (2022-09-02)
CVEList
CVE-2022-2764: A flaw was found in Undertow (2022-09-01)
OSV
CVE-2022-2764: A flaw was found in Undertow (2022-09-01)

Vendor Advisories (2)

Red Hat
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (2022-08-11)
Debian
CVE-2022-2764: undertow - A flaw was found in Undertow. Denial of service can be achieved as Undertow serv... (2022)