) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:undertow:2.2.19:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-3223 |
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Published: September 27, 2023; 11:18:56 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-1108 |
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Published: September 14, 2023; 11:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-2764 |
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Published: September 01, 2022; 5:15:09 PM -0400 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2022-1259 |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. Published: August 31, 2022; 12:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |