HIGH✓ PATCH🇬🇧 English

CVE-2021-3859

CVSS 7.5v3.1pub. 2022-08-26upd. 2024-11-21

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Netapp Cloud Secure Agent

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    7.37.4
  • Red Hat Single Sign On

    APP
    Redhat
    7.4.107.5.1
  • Red Hat Undertow

    APP
    Redhat
    < 2.2.15
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...

CVE-2016-8735CRITICAL9.8⚠ KEVten sam produkt

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2021-3859 — HIGH 7.5 | CVEbaza.pl