Integration Camel K
CVE-2022-2764
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
AnalysisAI
A flaw was found in Undertow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Affected products include: Redhat Integration Camel K, Redhat Jboss Enterprise Application Platform, Redhat Jboss Fuse, Redhat Single Sign-On, Redhat Undertow.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
More in Integration Camel K
View allJMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly whe
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across
A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload
A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat
A flaw was found in XNIO, specifically in the notifyReadClosed method. Rated high severity (CVSS 7.5), this vulnerabilit
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpSer
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulne
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today