Skip to main content

Integration Camel K CVE-2022-0084

HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2022-08-26 secalert@redhat.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 26, 2022 - 18:15 nvd
HIGH 7.5

DescriptionNVD

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

AnalysisAI

A flaw was found in XNIO, specifically in the notifyReadClosed method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. Affected products include: Redhat Integration Camel K, Redhat Integration Camel Quarkus, Redhat Single Sign-On, Redhat Xnio.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2023-4853 HIGH POC
8.1 Sep 20

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly whe

CVE-2024-7885 HIGH
7.5 Aug 21

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across

CVE-2023-1108 HIGH
7.5 Sep 14

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2022-1278 HIGH
7.5 Sep 13

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload

CVE-2022-1259 HIGH
7.5 Aug 31

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2022-2053 HIGH
7.5 Aug 05

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpSer

CVE-2021-20218 HIGH
7.4 Mar 16

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulne

CVE-2021-3642 MEDIUM
5.3 Aug 05

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final

CVE-2022-2764 MEDIUM
4.9 Sep 01

A flaw was found in Undertow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack c

CVE-2021-3536 MEDIUM
4.8 May 20

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso

Share

CVE-2022-0084 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy