CVE-2021-3859
Undertow vulnerable to Denial of Service (DoS) attacks
Severity: HIGH 7.5
EPSS: 0.32%
Published: 7/15/2022
Modified: 2/22/2024
Also known as: GHSA-339q-62wm-c39w
Description
In Undertow, a client-side invocation timeout is raised when calling over HTTP2. This vulnerability can allow an attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.
Affected packages (2)
- Debian/undertow: from 0, < 2.2.16-1
- Maven/io.undertow:undertow-core: from 0, < 2.2.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (10)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-3859
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2021-3859
- PATCH: https://github.com/undertow-io/undertow
- WEB: https://access.redhat.com/security/cve/cve-2021-3859
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
- WEB: https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
- WEB: https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
- WEB: https://github.com/undertow-io/undertow/pull/1296
- WEB: https://issues.redhat.com/browse/UNDERTOW-1979
- WEB: https://security.netapp.com/advisory/ntap-20221201-0004