Openshift Application Runtimes
CVE-2022-1319
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
AnalysisAI
A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-252. A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. Affected products include: Redhat Openshift Application Runtimes, Redhat Single Sign-On, Redhat Undertow, Netapp Active Iq Unified Manager, Netapp Cloud Secure Agent.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in
A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. Rated critical severi
A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability i
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without typ
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. Rated high severity (CVSS 8.8), thi
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allow
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x
A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat
A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rate
Same weakness CWE-252 – Unchecked Return Value
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today