high
7.5
CWE
252
Advisory Published
Updated

CVE-2022-1319

First published: Mon Apr 11 2022(Updated: )

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/eap7-undertow<0:2.2.17-2.SP4_redhat_00001.1.el8ea
0:2.2.17-2.SP4_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.17-2.SP4_redhat_00001.1.el7ea
0:2.2.17-2.SP4_redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el7
0:18.0.3-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el8
0:18.0.3-1.redhat_00001.1.el8
redhat/rh-sso7<0:1-5.el9
0:1-5.el9
redhat/rh-sso7-javapackages-tools<0:6.0.0-7.el9
0:6.0.0-7.el9
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el9
0:18.0.3-1.redhat_00001.1.el9
Redhat Openshift Application Runtimes
Redhat Single Sign-on=7.0
Redhat Undertow<2.2.17
Redhat Undertow=2.2.17
Redhat Undertow=2.2.17-sp1
Redhat Undertow=2.2.17-sp2
Redhat Undertow=2.2.19
Redhat Undertow=2.2.19-sp1
Redhat Undertow=2.3.0-alpha1
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
Netapp Cloud Secure Agent
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation

Remedy

https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b

Remedy

https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID of this flaw?

    The vulnerability ID of this flaw is CVE-2022-1319.

  • What is the severity level of CVE-2022-1319?

    The severity level of CVE-2022-1319 is high with a score of 7.5.

  • How does EAP 7 handle the AJP 400 response in CVE-2022-1319?

    EAP 7 improperly sends two response packets for an AJP 400 response, which causes a failure when the connection is reused.

  • Which software packages are affected by CVE-2022-1319?

    The affected software packages include eap7-undertow, rh-sso7-keycloak, Redhat Openshift Application Runtimes, Redhat Single Sign-on, and Netapp Active Iq Unified Manager.

  • How can I fix CVE-2022-1319?

    Apply the appropriate security updates provided by the vendor to fix CVE-2022-1319.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203