What is the severity of CVE-2019-14888?

CVE-2019-14888 is classified as a high severity vulnerability due to its potential to cause a Denial of Service (DoS) on the Undertow HTTP server.

How do I fix CVE-2019-14888?

To fix CVE-2019-14888, upgrade to Undertow version 2.0.28 or later, or apply the appropriate security patches provided by Red Hat.

What are the affected versions for CVE-2019-14888?

CVE-2019-14888 affects Undertow versions prior to 2.0.28.SP1 when configured to listen on HTTPS.

What type of attack is possible with CVE-2019-14888?

CVE-2019-14888 enables an attacker to perform a Denial of Service (DoS) attack against the server by targeting the HTTPS port.

Which products are impacted by CVE-2019-14888?

Products such as Red Hat JBoss EAP, Undertow and related packages are impacted by CVE-2019-14888.

Vulnerability/
CVE-2019-14888

high

7.5

CWE

400

14/11/2019

20/1/2020

23/1/2020

26/8/2024

CVE-2019-14888

First published: Thu Nov 14 2019(Updated: )

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Credit: secalert@redhat.com

Remedy

Enable HTTP2 (enable-http2="true") in the undertow's HTTPS settings.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2019-14888?
CVE-2019-14888 is classified as a high severity vulnerability due to its potential to cause a Denial of Service (DoS) on the Undertow HTTP server.
How do I fix CVE-2019-14888?
To fix CVE-2019-14888, upgrade to Undertow version 2.0.28 or later, or apply the appropriate security patches provided by Red Hat.
What are the affected versions for CVE-2019-14888?
CVE-2019-14888 affects Undertow versions prior to 2.0.28.SP1 when configured to listen on HTTPS.
What type of attack is possible with CVE-2019-14888?
CVE-2019-14888 enables an attacker to perform a Denial of Service (DoS) attack against the server by targeting the HTTPS port.
Which products are impacted by CVE-2019-14888?
Products such as Red Hat JBoss EAP, Undertow and related packages are impacted by CVE-2019-14888.

collector/redhat-cve
agent/type
agent/first-publish-date
agent/author
agent/severity
agent/remedy
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-14888
agent/software-canonical-lookup
agent/references
agent/last-modified-date
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/redhat
canonical/red hat undertow
version/red hat undertow/2.0.28
canonical/red hat jboss data grid
version/red hat jboss data grid/7.0.0
canonical/jboss enterprise application platform
version/jboss enterprise application platform/7.0.0
canonical/red hat jboss fuse
version/red hat jboss fuse/6.0.0
version/red hat jboss fuse/7.0.0
canonical/red hat single sign-on
version/red hat single sign-on/7.0
vendor/netapp
canonical/netapp active iq unified manager
canonical/netapp active iq unified manager for vmware vsphere