CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*

Information

Published : 2022-08-31 09:15

Updated : 2022-11-07 11:09


NVD link : CVE-2022-1319

Mitre link : CVE-2022-1319


JSON object : View

CWE
CWE-252

Unchecked Return Value

Advertisement

dedicated server usa

Products Affected

redhat

  • undertow
  • single_sign-on
  • openshift_application_runtimes

netapp

  • oncommand_insight
  • cloud_secure_agent
  • active_iq_unified_manager
  • oncommand_workflow_automation