CVE-2022-1319

Name of the Vulnerable Software and Affected Versions Undertow (affected versions not specified) JBoss EAP 7

Description A flaw was found in Undertow, where for an AJP 400 response, JBoss EAP 7 improperly sends two response packets with the reuse flag set, even though the connection is closed. This leads to a failure when the connection is reused after a 400 response by CPING, as it reads the second SEND HEADERS response packet instead of a CPONG.

Recommendations For JBoss EAP 7, consider disabling the reuse of connections after an AJP 400 response as a temporary workaround until a patch is available. Restrict access to the AJP protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.