CVE-2021-3629
Aliases:GHSA-rf6q-vx79-mjxr
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 24 May 2022, 18:19
Last modified:03 Aug 2024, 17:01
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
5.9 MEDIUM
v3.1 (nvd)
EPSS Score
0.29% LOW
0% probability -0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
24 May 2022, 18:19
Published
Vulnerability first disclosed
03 Aug 2024, 17:01
Last Modified
Vulnerability information updated
Description
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.29%• Percentile: 53%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- io.undertow•undertow-core
< 2.0.40.Final | ≥ 2.1.0, < 2.2.11.Final
- netapp•active_iq_unified_manager
na
- netapp•oncommand_insight
na
- netapp•oncommand_workflow_automation
na
- redhat•integration
na
- redhat•jboss_enterprise_application_platform
na | 7.4 | 7.3
- redhat•single_sign-on
na
- redhat•undertow
< 2.0.40 | ≥ 2.2.0, < 2.2.11
- redhat•wildfly_core
< 17.0