Vulnerability Description
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
CVSS Score
4.9
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Integration Camel K | - |
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
| Redhat | Jboss Fuse | 7.0.0 |
| Redhat | Single Sign-On | 7.0 |
| Redhat | Undertow | >= 2.0.0, <= 2.2.19 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Cloud Secure Agent | - |
| Netapp | Oncommand Insight | - |
| Netapp | Oncommand Workflow Automation | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2117506Issue TrackingVendor Advisory
- https://security.netapp.com/advisory/ntap-20221014-0006/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2117506Issue TrackingVendor Advisory
- https://security.netapp.com/advisory/ntap-20221014-0006/Third Party Advisory
FAQ
What is CVE-2022-2764?
CVE-2022-2764 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
How severe is CVE-2022-2764?
CVE-2022-2764 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2764?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Integration Camel K, Redhat Jboss Enterprise Application Platform, Redhat Jboss Fuse, Redhat Single Sign-On, Redhat Undertow.