PT-2022-18544 · Undertow · Undertow

Sandipan Roy

·

Published

2022-09-01

·

Updated

2022-11-07

·

CVE-2022-2764

CVSS v3.1

4.9

Medium

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Undertow (affected versions not specified)
Description A flaw was found in Undertow, allowing denial of service as the Undertow server waits for the LAST CHUNK forever for EJB invocations.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2022-2764
RHSA-2022:8790
RHSA-2022:8791
RHSA-2022:8792
RHSA-2023:1043
RHSA-2023:1044
RHSA-2023:1045

Affected Products

Undertow