First published: Wed Apr 06 2022
A flaw was found in Undertow: a potential security issue in the server's handling of HTTP/2 flow control driven by the browser (client) may cause excessive overhead or a denial of service (DoS) in the server. The highest impact of this vulnerability is to availability. This is an incomplete fix for <a href="https://access.redhat.com/security/cve/CVE-2021-3629">CVE-2021-3629</a>.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-undertow | <0:2.2.19-1.SP2_redhat_00001.1.el8ea | 0:2.2.19-1.SP2_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.2.19-1.SP2_redhat_00001.1.el9ea | 0:2.2.19-1.SP2_redhat_00001.1.el9ea |
redhat/eap7-undertow | <0:2.2.19-1.SP2_redhat_00001.1.el7ea | 0:2.2.19-1.SP2_redhat_00001.1.el7ea |
IBM Watson Knowledge Catalog on-prem | <=4.x | |
Red Hat Build of Quarkus | | |
Red Hat Integration Camel K | | |
Red Hat JBoss Enterprise Application Platform | =7.0.0 | |
Red Hat OpenShift Application Runtimes | | |
Red Hat Single Sign-On | =7.0 | |
Red Hat Undertow | <=2.2.17 | |
Red Hat Undertow | =2.2.18 | |
Red Hat Undertow | =2.2.19 | |
NetApp Active IQ Unified Manager (Linux) | | |
NetApp Active IQ Unified Manager (VMware vSphere) | | |
NetApp Active IQ Unified Manager (Windows) | | |
NetApp Cloud Secure Agent | | |
NetApp OnCommand Insight | | |
NetApp OnCommand Workflow Automation | | |
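The table above states the fix as an RPM epoch:version-release (EVR) string per RHEL dist tag, so a scanner or inventory script has to compare EVRs the way rpm does, not lexically (otherwise `2.2.19-1.SP2_...` vs `2.2.19-1.SP1_...`, or an epoch bump, is mis-ordered). The following is an added example, not code from SecAlerts, Red Hat or the Undertow project: a Python port of rpm's `rpmvercmp()` segment rules (numeric vs alphabetic segments, leading zeros, `~` and `^`), an EVR comparison on top of it, and a check against the three fixed eap7-undertow builds from the table. The sample EVR strings in the usage section are constructed; the `is_vulnerable` helper and the `FIXED_EVR` map are this example's own names.

```python
import re
import string

# Fixed eap7-undertow builds from the advisory table, keyed by RHEL dist tag.
FIXED_EVR = {
    "el7ea": "0:2.2.19-1.SP2_redhat_00001.1.el7ea",
    "el8ea": "0:2.2.19-1.SP2_redhat_00001.1.el8ea",
    "el9ea": "0:2.2.19-1.SP2_redhat_00001.1.el9ea",
}

# Characters rpmvercmp treats as significant; everything else is a separator.
_TOKEN = set(string.ascii_letters + string.digits + "~^")
_NUM = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")
_DIST = re.compile(r"\.(el\d+ea)$")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): compare segment by segment, return -1, 0 or 1."""
    if a == b:
        return 0
    i, j, la, lb = 0, 0, len(a), len(b)
    while i < la or j < lb:
        # Skip separators ('.', '_', '-', ...) on both sides.
        while i < la and a[i] not in _TOKEN:
            i += 1
        while j < lb and b[j] not in _TOKEN:
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        # '~' sorts before everything, including end of string: 1.0~rc1 < 1.0
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # '^' sorts after end of string but before any other segment: 1.0^post1 > 1.0
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take one segment from each side; the type (digits/letters) follows a's char.
        pattern, isnum = (_NUM, True) if "0" <= ca <= "9" else (_ALPHA, False)
        ma, mb = pattern.match(a, i), pattern.match(b, j)
        if mb is None:
            # Mismatched segment types: a numeric segment beats an alphabetic one.
            return 1 if isnum else -1
        sa, sb = ma.group(0), mb.group(0)
        i, j = ma.end(), mb.end()
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more significant digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever side still has characters wins


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (int, str, str); epoch defaults to 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_vulnerable(installed_evr: str):
    """True if the installed eap7-undertow build is older than the fixed build for
    its dist tag, False if it is at or past the fix, None if the tag is not covered."""
    m = _DIST.search(installed_evr)
    if not m or m.group(1) not in FIXED_EVR:
        return None
    return evrcmp(installed_evr, FIXED_EVR[m.group(1)]) < 0


if __name__ == "__main__":
    # Constructed sample lines, in the shape produced by:
    #   rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' eap7-undertow
    for evr in ["0:2.2.17-1.SP1_redhat_00001.1.el8ea",
                "0:2.2.19-1.SP2_redhat_00001.1.el8ea",
                "0:2.2.19-1.SP2_redhat_00001.1.el6ea"]:
        verdict = {True: "VULNERABLE", False: "fixed", None: "dist tag not in advisory"}
        print(evr, "->", verdict[is_vulnerable(evr)])
```

The dist-tag match matters: the three fixed builds differ only in `.el7ea`/`.el8ea`/`.el9ea`, and an `el8ea` package must be compared against the `el8ea` fix, not the lexically largest one. A tag the advisory does not list yields `None` rather than a false "fixed".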
CVE-2022-1259 is a vulnerability in Undertow in which a potential security issue in the server's handling of client-driven HTTP/2 flow control may cause excessive overhead or a denial of service in the server.
CVE-2022-1259 has a severity (CVSS) score of 7.5 (High).
To fix CVE-2022-1259, update eap7-undertow to 0:2.2.19-1.SP2_redhat_00001.1.el7ea, .el8ea or .el9ea (matching your RHEL release) or later.
CVE-2022-1259 affects Undertow versions up to and including 2.2.19 (prior to the 2.2.19.SP2 rebuild), Red Hat JBoss Enterprise Application Platform 7.0.0, Red Hat Single Sign-On 7.0, and the other products listed in the table above.
The CWEs associated with CVE-2022-1259 are CWE-400: Uncontrolled Resource Consumption and CWE-770: Allocation of Resources Without Limits or Throttling.