CVE-2019-14888

HIGH7.5EPSS 0.24%

Undertow vulnerable to Uncontrolled Resource Consumption

Published: 5/24/2022Modified: 4/28/2026

Also known as:DEBIAN-CVE-2019-14888

Description

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Affected packages (2)

Debian/undertowfrom 0, < 2.0.30-1
Maven/io.undertow:undertow-corefrom 0, < 2.0.29.Final

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-14888
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-14888
WEBhttps://access.redhat.com/errata/RHSA-2020:0729
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
WEBhttps://security.netapp.com/advisory/ntap-20220211-0001