PT-2022-10741 · Undertow
Flavia Rainone · Published 2022-07-15 · Updated 2022-12-13
CVE-2021-3859
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Undertow versions prior to 2.2.15.Final
Description
A flaw was found in Undertow in which certain calls made over HTTP/2 tripped the client-side invocation timeout. This flaw allows an attacker to carry out denial of service attacks.
Recommendations
For versions prior to 2.2.15.Final, update to version 2.2.15.Final or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP/2 calls to minimize the risk of exploitation.
Fix
DoS
Exposure of Resource to Wrong Sphere
Resource Exhaustion
Affected Products
Undertow