CVE-2021-3629
First published: Mon Mar 29 2021(Updated: )
A flaw was found in Undertow where a potential security issue in flow control handling by browser over HTTP/2 may potentially cause overhead or DOS in the server. The highest impact of this vulnerability is availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el6ea | 0:3.3.12-1.redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el6ea | 0:1.5.3-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el6ea | 0:3.0.3-3.redhat_00007.1.el6ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el6ea | 0:4.0.43-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el6ea | 0:1.7.2-10.Final_redhat_00011.1.el6ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el6ea | 0:1.14.2-1.redhat_00002.1.el6ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el6ea | 0:3.11.5-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el6ea | 0:2.0.41-1.SP1_redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el6ea | 0:7.3.10-2.GA_redhat_00003.1.el6ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el6ea | 0:1.10.15-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el6ea | 0:2.2.7-1.redhat_00001.1.el6ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el6ea | 0:2.1.7-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el7ea | 0:3.3.12-1.redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el7ea | 0:1.5.3-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el7ea | 0:3.0.3-3.redhat_00007.1.el7ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el7ea | 0:4.0.43-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el7ea | 0:1.7.2-10.Final_redhat_00011.1.el7ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el7ea | 0:1.14.2-1.redhat_00002.1.el7ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el7ea | 0:3.11.5-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el7ea | 0:2.0.41-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el7ea | 0:7.3.10-2.GA_redhat_00003.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el7ea | 0:1.10.15-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el7ea | 0:2.2.7-1.redhat_00001.1.el7ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el7ea | 0:2.1.7-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el8ea | 0:3.3.12-1.redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el8ea | 0:1.5.3-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el8ea | 0:3.0.3-3.redhat_00007.1.el8ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el8ea | 0:4.0.43-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el8ea | 0:1.7.2-10.Final_redhat_00011.1.el8ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el8ea | 0:1.14.2-1.redhat_00002.1.el8ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el8ea | 0:3.11.5-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el8ea | 0:2.0.41-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el8ea | 0:7.3.10-2.GA_redhat_00003.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el8ea | 0:1.10.15-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el8ea | 0:2.2.7-1.redhat_00001.1.el8ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el8ea | 0:2.1.7-1.redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.2.12-2.Final_redhat_00001.1.el8ea | 0:2.2.12-2.Final_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.2.12-2.Final_redhat_00001.1.el7ea | 0:2.2.12-2.Final_redhat_00001.1.el7ea |
| redhat/undertow | <2.0.40. | 2.0.40. |
| redhat/undertow | <2.2.11. | 2.2.11. |
| Red Hat Integration | ||
| JBoss Enterprise Application Platform | ||
| Red Hat Single Sign-On | ||
| Red Hat Undertow | <2.0.40 | |
| Red Hat Undertow | >=2.2.0<2.2.11 | |
| Red Hat WildFly Core | <17.0 | |
| JBoss Enterprise Application Platform | =7.4 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| JBoss Enterprise Application Platform | =7.3 | |
| Red Hat Enterprise Linux | =6.0 | |
| NetApp Active IQ Unified Manager | ||
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp Active IQ Unified Manager | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1977362
- https://security.netapp.com/advisory/ntap-20220729-0008/
- https://access.redhat.com/errata/RHSA-2021:4679
- https://access.redhat.com/errata/RHSA-2021:4676
- https://access.redhat.com/errata/RHSA-2021:4677
- https://access.redhat.com/errata/RHSA-2021:4767
- https://access.redhat.com/errata/RHSA-2021:5134
- https://access.redhat.com/errata/RHSA-2021:5150
- https://access.redhat.com/errata/RHSA-2021:5151
- https://access.redhat.com/errata/RHSA-2021:5154
- https://access.redhat.com/errata/RHSA-2021:5149
- https://access.redhat.com/errata/RHSA-2021:5170
- https://access.redhat.com/security/cve/cve-2021-3629
- https://access.redhat.com/errata/RHSA-2022:0146
- https://access.redhat.com/errata/RHSA-2022:1179
- https://access.redhat.com/errata/RHSA-2022:5532
- https://access.redhat.com/errata/RHSA-2022:6407
- https://www.cve.org/CVERecord?id=CVE-2021-3629 https://nvd.nist.gov/vuln/detail/CVE-2021-3629
- https://access.redhat.com/security/cve/CVE-2021-3629
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2021-3629?
The severity of CVE-2021-3629 is assessed as high due to its potential impact on system availability.
How do I fix CVE-2021-3629?
To fix CVE-2021-3629, you should upgrade to the latest versions of the affected packages as specified in the remediation provided by Red Hat.
What products are affected by CVE-2021-3629?
CVE-2021-3629 affects multiple Red Hat products including eap7-apache-cxf, eap7-ironjacamar, eap7-undertow, and others across various versions.
What is the nature of the vulnerability in CVE-2021-3629?
CVE-2021-3629 involves a flaw in Undertow's flow control handling over HTTP/2, potentially leading to denial-of-service (DoS) conditions.
When was CVE-2021-3629 published?
CVE-2021-3629 was published publicly in 2021.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3629
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat integration
- canonical/jboss enterprise application platform
- canonical/red hat single sign-on
- canonical/red hat undertow
- version/red hat undertow/2.2.0
- canonical/red hat wildfly core
- version/jboss enterprise application platform/7.4
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- version/jboss enterprise application platform/7.3
- version/red hat enterprise linux/6.0
- vendor/netapp
- canonical/netapp active iq unified manager
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation