A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
References
| Link | Resource |
|---|---|
| https://issues.redhat.com/browse/UNDERTOW-1979 | Issue Tracking, Patch, Vendor Advisory |
| https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2 | Patch, Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2010378 | Issue Tracking, Vendor Advisory |
| https://access.redhat.com/security/cve/CVE-2021-3859 | Vendor Advisory |
| https://github.com/undertow-io/undertow/pull/1296 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20221201-0004/ | Third Party Advisory |
Information
Published : 2022-08-26 09:15
Updated : 2022-12-12 18:25
NVD link : CVE-2021-3859
Mitre link : CVE-2021-3859
CWE
CWE-214
Invocation of Process Using Visible Sensitive Information
Products Affected
redhat
- undertow
- jboss_enterprise_application_platform
- single_sign-on
netapp
- oncommand_insight
- cloud_secure_agent
- oncommand_workflow_automation