CVE-2021-3597: Race Condition
First published: Fri Jun 11 2021(Updated: )
A flaw was found in undertow where HTTP2SourceChannel fails to write final frame under some circumstances may result in DoS. The highest impact of this vulnerability is availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-apache-commons-io | <0:2.10.0-1.redhat_00001.1.el6ea | 0:2.10.0-1.redhat_00001.1.el6ea |
| redhat/eap7-hal-console | <0:3.2.16-1.Final_redhat_00001.1.el6ea | 0:3.2.16-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-hibernate | <0:5.3.20-4.SP2_redhat_00001.1.el6ea | 0:5.3.20-4.SP2_redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.4.35-1.Final_redhat_00001.1.el6ea | 0:1.4.35-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jakarta-el | <0:3.0.3-2.redhat_00006.1.el6ea | 0:3.0.3-2.redhat_00006.1.el6ea |
| redhat/eap7-jberet | <0:1.3.9-1.Final_redhat_00001.1.el6ea | 0:1.3.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-remoting | <0:5.0.23-2.SP1_redhat_00001.1.el6ea | 0:5.0.23-2.SP1_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-9.Final_redhat_00010.1.el6ea | 0:1.7.2-9.Final_redhat_00010.1.el6ea |
| redhat/eap7-narayana | <0:5.9.12-1.Final_redhat_00001.1.el6ea | 0:5.9.12-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-picketbox | <0:5.0.3-9.Final_redhat_00008.1.el6ea | 0:5.0.3-9.Final_redhat_00008.1.el6ea |
| redhat/eap7-undertow | <0:2.0.39-1.SP2_redhat_00001.1.el6ea | 0:2.0.39-1.SP2_redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.3.9-2.GA_redhat_00002.1.el6ea | 0:7.3.9-2.GA_redhat_00002.1.el6ea |
| redhat/eap7-wildfly-http-client | <0:1.0.29-1.Final_redhat_00002.1.el6ea | 0:1.0.29-1.Final_redhat_00002.1.el6ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.14-2.Final_redhat_00001.1.el6ea | 0:1.1.14-2.Final_redhat_00001.1.el6ea |
| redhat/eap7-apache-commons-io | <0:2.10.0-1.redhat_00001.1.el7ea | 0:2.10.0-1.redhat_00001.1.el7ea |
| redhat/eap7-hal-console | <0:3.2.16-1.Final_redhat_00001.1.el7ea | 0:3.2.16-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.20-4.SP2_redhat_00001.1.el7ea | 0:5.3.20-4.SP2_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.4.35-1.Final_redhat_00001.1.el7ea | 0:1.4.35-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jakarta-el | <0:3.0.3-2.redhat_00006.1.el7ea | 0:3.0.3-2.redhat_00006.1.el7ea |
| redhat/eap7-jberet | <0:1.3.9-1.Final_redhat_00001.1.el7ea | 0:1.3.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-remoting | <0:5.0.23-2.SP1_redhat_00001.1.el7ea | 0:5.0.23-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-9.Final_redhat_00010.1.el7ea | 0:1.7.2-9.Final_redhat_00010.1.el7ea |
| redhat/eap7-narayana | <0:5.9.12-1.Final_redhat_00001.1.el7ea | 0:5.9.12-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-picketbox | <0:5.0.3-9.Final_redhat_00008.1.el7ea | 0:5.0.3-9.Final_redhat_00008.1.el7ea |
| redhat/eap7-undertow | <0:2.0.39-1.SP2_redhat_00001.1.el7ea | 0:2.0.39-1.SP2_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.9-2.GA_redhat_00002.1.el7ea | 0:7.3.9-2.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-http-client | <0:1.0.29-1.Final_redhat_00002.1.el7ea | 0:1.0.29-1.Final_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.14-2.Final_redhat_00001.1.el7ea | 0:1.1.14-2.Final_redhat_00001.1.el7ea |
| redhat/eap7-apache-commons-io | <0:2.10.0-1.redhat_00001.1.el8ea | 0:2.10.0-1.redhat_00001.1.el8ea |
| redhat/eap7-hal-console | <0:3.2.16-1.Final_redhat_00001.1.el8ea | 0:3.2.16-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.20-4.SP2_redhat_00001.1.el8ea | 0:5.3.20-4.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.4.35-1.Final_redhat_00001.1.el8ea | 0:1.4.35-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jakarta-el | <0:3.0.3-2.redhat_00006.1.el8ea | 0:3.0.3-2.redhat_00006.1.el8ea |
| redhat/eap7-jberet | <0:1.3.9-1.Final_redhat_00001.1.el8ea | 0:1.3.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-remoting | <0:5.0.23-2.SP1_redhat_00001.1.el8ea | 0:5.0.23-2.SP1_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-9.Final_redhat_00010.1.el8ea | 0:1.7.2-9.Final_redhat_00010.1.el8ea |
| redhat/eap7-narayana | <0:5.9.12-1.Final_redhat_00001.1.el8ea | 0:5.9.12-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-picketbox | <0:5.0.3-9.Final_redhat_00008.1.el8ea | 0:5.0.3-9.Final_redhat_00008.1.el8ea |
| redhat/eap7-undertow | <0:2.0.39-1.SP2_redhat_00001.1.el8ea | 0:2.0.39-1.SP2_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.9-2.GA_redhat_00002.1.el8ea | 0:7.3.9-2.GA_redhat_00002.1.el8ea |
| redhat/eap7-wildfly-http-client | <0:1.0.29-1.Final_redhat_00002.1.el8ea | 0:1.0.29-1.Final_redhat_00002.1.el8ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.14-2.Final_redhat_00001.1.el8ea | 0:1.1.14-2.Final_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.2.9-2.SP1_redhat_00001.1.el8ea | 0:2.2.9-2.SP1_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.2.9-2.SP1_redhat_00001.1.el7ea | 0:2.2.9-2.SP1_redhat_00001.1.el7ea |
| redhat/undertow | <2.0.35. | 2.0.35. |
| redhat/undertow | <2.2.6. | 2.2.6. |
| redhat/undertow | <2.0.36. | 2.0.36. |
| redhat/undertow | <2.2.9. | 2.2.9. |
| redhat/undertow | <2.0.39. | 2.0.39. |
| Redhat Fuse | =1.0 | |
| Redhat Jboss Enterprise Application Platform | ||
| Redhat Openshift Application Runtimes | ||
| Redhat Single Sign-on | ||
| Redhat Undertow | <2.0.35 | |
| Redhat Undertow | >=2.2.0<2.2.6 | |
| Redhat Undertow | =2.0.35 | |
| Redhat Undertow | =2.0.36 | |
| Redhat Undertow | =2.0.39 | |
| Redhat Undertow | =2.2.6 | |
| Redhat Undertow | =2.2.7 | |
| Redhat Undertow | =2.2.9 | |
| Redhat Jboss Enterprise Application Platform | =7.3 | |
| Redhat Jboss Enterprise Application Platform | =7.4 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Netapp Active Iq Unified Manager Linux | ||
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Active Iq Unified Manager Windows | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1970930
- https://security.netapp.com/advisory/ntap-20220804-0003/
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/errata/RHSA-2021:3471
- https://access.redhat.com/errata/RHSA-2021:3468
- https://access.redhat.com/errata/RHSA-2021:3466
- https://access.redhat.com/errata/RHSA-2021:3467
- https://access.redhat.com/security/cve/cve-2021-3597
- https://access.redhat.com/errata/RHSA-2021:3516
- https://access.redhat.com/errata/RHSA-2021:3534
- https://access.redhat.com/errata/RHSA-2021:3656
- https://access.redhat.com/errata/RHSA-2021:3658
- https://access.redhat.com/errata/RHSA-2021:3660
- https://access.redhat.com/errata/RHSA-2021:5134
- https://access.redhat.com/errata/RHSA-2022:1179
- https://www.cve.org/CVERecord?id=CVE-2021-3597 https://nvd.nist.gov/vuln/detail/CVE-2021-3597
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3597
- agent/software-canonical-lookup
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/redhat
- canonical/redhat fuse
- version/redhat fuse/1.0
- canonical/redhat jboss enterprise application platform
- canonical/redhat openshift application runtimes
- canonical/redhat single sign-on
- canonical/redhat undertow
- version/redhat undertow/2.2.0
- version/redhat undertow/2.0.35
- version/redhat undertow/2.0.36
- version/redhat undertow/2.0.39
- version/redhat undertow/2.2.6
- version/redhat undertow/2.2.7
- version/redhat undertow/2.2.9
- version/redhat jboss enterprise application platform/7.3
- version/redhat jboss enterprise application platform/7.4
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- vendor/netapp
- canonical/netapp active iq unified manager linux
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation