CVE-2021-3859

CVSS v3.1 7.5 (High)
EPSS 0.59 % (79th)
Affected Products 6
Advisories 1

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

Weaknesses
CWE-214
Invocation of Process Using Visible Sensitive Information
CWE-668
Exposure of Resource to Wrong Sphere
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-08-26 16:15:09
(2 years ago)
Updated Date
2022-12-13 02:25:10
(21 months ago)

Affected Products


Configuration #1

  Product                                           CPE23                                                       From  Up To
  Redhat Jboss Enterprise Application Platform 7.3  cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3  -     -
  Redhat Jboss Enterprise Application Platform 7.4  cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4  -     -
  Redhat Single Sign-on 7.4.10                      cpe:2.3:a:redhat:single_sign-on:7.4.10                      -     -
  Redhat Single Sign-on 7.5.1                       cpe:2.3:a:redhat:single_sign-on:7.5.1                       -     -
  Redhat Undertow prior 2.2.15 version              cpe:2.3:a:redhat:undertow                                   -     < 2.2.15

Configuration #2

  Product                               CPE23                                             From  Up To
  Netapp Cloud Secure Agent             cpe:2.3:a:netapp:cloud_secure_agent:-             -     -
  Netapp Oncommand Insight              cpe:2.3:a:netapp:oncommand_insight:-              -     -
  Netapp Oncommand Workflow Automation  cpe:2.3:a:netapp:oncommand_workflow_automation:-  -     -