A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888 | Issue Tracking Vendor Advisory |
https://access.redhat.com/errata/RHSA-2020:0729 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220211-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2020-01-23 09:15
Updated : 2022-04-01 08:45
NVD link : CVE-2019-14888
Mitre link : CVE-2019-14888
JSON object : View
CWE
Products Affected
redhat
- undertow
- jboss_data_grid
- jboss_enterprise_application_platform
- single_sign-on
- jboss_fuse
netapp
- active_iq_unified_manager