Skip to main content

Integration Camel K CVE-2022-2764

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2022-09-01 secalert@redhat.com
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 01, 2022 - 21:15 nvd
MEDIUM 4.9

DescriptionNVD

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

AnalysisAI

A flaw was found in Undertow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Affected products include: Redhat Integration Camel K, Redhat Jboss Enterprise Application Platform, Redhat Jboss Fuse, Redhat Single Sign-On, Redhat Undertow.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2023-4853 HIGH POC
8.1 Sep 20

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly whe

CVE-2024-7885 HIGH
7.5 Aug 21

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across

CVE-2023-1108 HIGH
7.5 Sep 14

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2022-1278 HIGH
7.5 Sep 13

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload

CVE-2022-1259 HIGH
7.5 Aug 31

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2022-0084 HIGH
7.5 Aug 26

A flaw was found in XNIO, specifically in the notifyReadClosed method. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2022-2053 HIGH
7.5 Aug 05

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpSer

CVE-2021-20218 HIGH
7.4 Mar 16

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulne

CVE-2021-3642 MEDIUM
5.3 Aug 05

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final

CVE-2021-3536 MEDIUM
4.8 May 20

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso

Share

CVE-2022-2764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy