CVE-2021-3859
undertow: client side invocation timeout raised when calling over HTTP2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Se ha encontrado un fallo en Undertow que dispara el tiempo de espera de la invocación del lado del cliente con determinadas llamadas realizadas a través de HTTP2. Este fallo permite a un atacante realizar ataques de denegación de servicio.
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-05 CVE Reserved
- 2022-02-03 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-214: Invocation of Process Using Visible Sensitive Information
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/undertow-io/undertow/pull/1296 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20221201-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2 | 2022-12-13 | |
| https://issues.redhat.com/browse/UNDERTOW-1979 | 2022-12-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-3859 | 2022-12-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2010378 | 2022-12-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.3 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Single Sign-on Search vendor "Redhat" for product "Single Sign-on" | 7.4.10 Search vendor "Redhat" for product "Single Sign-on" and version "7.4.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Single Sign-on Search vendor "Redhat" for product "Single Sign-on" | 7.5.1 Search vendor "Redhat" for product "Single Sign-on" and version "7.5.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | < 2.2.15 Search vendor "Redhat" for product "Undertow" and version " < 2.2.15" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Secure Agent Search vendor "Netapp" for product "Cloud Secure Agent" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||