HIGH 7.5 Maven
Undertow vulnerable to Denial of Service (DoS) attacks
GHSA-339q-62wm-c39w · CVE-2021-3859
Published · Modified
Description
In Undertow, a client-side invocation timeout is raised when calling over HTTP/2. This vulnerability can allow an attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3859
- WEB https://github.com/undertow-io/undertow/pull/1296
- WEB https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
- WEB https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
- WEB https://access.redhat.com/security/cve/cve-2021-3859
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2010378
- PACKAGE https://github.com/undertow-io/undertow
- WEB https://issues.redhat.com/browse/UNDERTOW-1979
- WEB https://security.netapp.com/advisory/ntap-20221201-0004