CVE-2022-1319
Summary
| CVE | CVE-2022-1319 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-31 16:15:00 UTC |
|---|
| Updated | 2022-11-07 19:09:00 UTC |
|---|
| Description | A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Merge pull request #1331 from fl4via/UNDERTOW-2060 · undertow-io/undertow@7c5b3ab · GitHub |
MISC |
github.com |
|
| [UNDERTOW-2060] CVE-2022-1319 Double AJP response for 400 from EAP 7 results in CPING failures - Red Hat Issue Tracker |
MISC |
issues.redhat.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| August 2022 Undertow Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| 2073890 – (CVE-2022-1319) CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures |
MISC |
bugzilla.redhat.com |
|
| [UNDERTOW-2060] fix double AJP response · undertow-io/undertow@1443a1a · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240458 Red Hat Update for JBoss Enterprise Application Platform 7.4.5 on RHEL 7 (RHSA-2022:4918)
- 240459 Red Hat Update for JBoss Enterprise Application Platform 7.4.5 on RHEL 8 (RHSA-2022:4919)
