Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1319


A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.


Published

2022-08-31T16:15:09.410

Last Modified

2024-11-21T06:40:28.920

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-252
  • Type: Secondary
    CWE-252

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat openshift_application_runtimes - Yes
Application redhat single_sign-on 7.0 Yes
Application redhat undertow < 2.2.17 Yes
Application redhat undertow 2.2.17 Yes
Application redhat undertow 2.2.17 Yes
Application redhat undertow 2.2.17 Yes
Application redhat undertow 2.2.19 Yes
Application redhat undertow 2.2.19 Yes
Application redhat undertow 2.3.0 Yes
Application netapp active_iq_unified_manager - Yes
Application netapp active_iq_unified_manager - Yes
Application netapp active_iq_unified_manager - Yes
Application netapp cloud_secure_agent - Yes
Application netapp oncommand_insight - Yes
Application netapp oncommand_workflow_automation - Yes

References