CVE Vulnerability

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://issues.redhat.com/browse/UNDERTOW-1979 Issue Tracking Patch
https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2010378 Issue Tracking Vendor Advisory
https://access.redhat.com/security/cve/CVE-2021-3859 Vendor Advisory
https://github.com/undertow-io/undertow/pull/1296 Third Party Advisory
https://security.netapp.com/advisory/ntap-20221201-0004/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
Information

Published : 2022-08-26 04:15

Updated : 2022-12-13 02:25

NVD link : CVE-2021-3859

Mitre link : CVE-2021-3859

Products Affected

Redhat

Single Sign-on

CWE
CWE-214

Invocation of Process Using Visible Sensitive Information