CVE-2021-3597

CVSS v3.1 5.9 (Medium)
CVSS v2.0 2.6 (Low)
EPSS 0.09 % (40th)
Affected Products 9
Advisories 1

A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is to availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-05-24 19:15:09
(2 years ago)
Updated Date
2022-11-10 16:43:28
(22 months ago)

Affected Products


Configuration #1

AND
    CPE23 From Up To
OR  
  Redhat Fuse 1.0 cpe:2.3:a:redhat:fuse:1.0
OR  
  Running on/with
  Redhat Jboss Enterprise Application Platform cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only
OR  
  Running on/with
  Redhat Openshift Application Runtimes cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only
OR  
  Running on/with
  Redhat Single Sign-on cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only
OR  
  Running on/with
  Redhat Undertow prior 2.0.35 version cpe:2.3:a:redhat:undertow < 2.0.35
OR  
  Running on/with
  Redhat Undertow from 2.2.0 version and prior 2.2.6 version cpe:2.3:a:redhat:undertow >= 2.2.0 < 2.2.6
OR  
  Running on/with
  Redhat Undertow 2.0.35 cpe:2.3:a:redhat:undertow:2.0.35:-
OR  
  Running on/with
  Redhat Undertow 2.0.36 cpe:2.3:a:redhat:undertow:2.0.36:-
OR  
  Running on/with
  Redhat Undertow 2.0.39 cpe:2.3:a:redhat:undertow:2.0.39:-
OR  
  Running on/with
  Redhat Undertow 2.2.6 cpe:2.3:a:redhat:undertow:2.2.6:-
OR  
  Running on/with
  Redhat Undertow 2.2.7 cpe:2.3:a:redhat:undertow:2.2.7:-
OR  
  Running on/with
  Redhat Undertow 2.2.9 cpe:2.3:a:redhat:undertow:2.2.9:-

Configuration #2

AND
    CPE23 From Up To
OR  
  Redhat Jboss Enterprise Application Platform 7.3 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3
OR  
  Running on/with
  Redhat Jboss Enterprise Application Platform 7.4 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4
OR  
  Running on/with
  Redhat Enterprise Linux 6.0 cpe:2.3:o:redhat:enterprise_linux:6.0
OR  
  Running on/with
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
OR  
  Running on/with
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #3

AND
    CPE23 From Up To
OR  
  Netapp Active Iq Unified Manager for Linux cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux
OR  
  Running on/with
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
OR  
  Running on/with
  Netapp Active Iq Unified Manager for Windows cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows
OR  
  Running on/with
  Netapp Oncommand Insight cpe:2.3:a:netapp:oncommand_insight:-
OR  
  Running on/with
  Netapp Oncommand Workflow Automation cpe:2.3:a:netapp:oncommand_workflow_automation:-