CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
Configurations

Configuration 1

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*

Information

Published : 2022-08-31 04:15

Updated : 2022-11-07 07:09


NVD link : CVE-2022-1319

Mitre link : CVE-2022-1319

Products Affected
CWE
CWE-252

Unchecked Return Value