CVE-2022-1319

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

Severity Score: 7.5 (CVSS v3.1)
Exploit Likelihood: - (EPSS)
Affected Versions: see the vendor/product table below (CPE)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A flaw was found in Undertow. For an AJP 400 response, EAP 7 improperly sends two response packets, and those packets carry the reuse flag even though JBoss EAP then closes the connection. A failure occurs when the connection is reused after a 400: the next CPING from the proxy reads the second SEND_HEADERS response packet instead of the CPONG it expects. The practical effect is that the AJP proxy in front of the container (mod_jk or mod_proxy_ajp, for example) sees keepalive probes fail on connections that should have been discarded, which is why the CVSS impact is scored on availability only.
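The exchange described above, modelled as an added example that is not Undertow, JBoss EAP or mod_jk code. It frames AJP13 packets by hand (container-to-proxy packets start with "AB", proxy-to-container with 0x12 0x34, each followed by a 2-byte big-endian payload length; prefix codes 4 = SEND_HEADERS, 5 = END_RESPONSE, 9 = CPONG, 10 = CPING) and scripts the container side of one connection. The "buggy" stream reproduces the advisory: two 400 responses, both with reuse=1, after which the container is gone. A naive proxy that treats any reply to CPING as a CPONG reports the connection healthy; a proxy that checks the prefix byte flags the stray SEND_HEADERS as a protocol violation. The packet bytes, the scripted container and the two probe functions are constructed for this illustration.

```python
"""Constructed AJP13 exchange illustrating the CPING/CPONG mix-up after a
double 400 response. Added example; not the project's own code."""
import struct

# AJP13 prefix codes taken from the protocol specification.
SEND_HEADERS = 4   # container -> proxy
END_RESPONSE = 5   # container -> proxy, payload[1] is the "reuse" boolean
CPONG = 9          # container -> proxy, answer to CPING
CPING = 10         # proxy -> container keepalive probe


def ajp_string(s: str) -> bytes:
    """AJP string: 2-byte length, bytes, NUL terminator."""
    raw = s.encode()
    return struct.pack(">H", len(raw)) + raw + b"\x00"


def container_packet(payload: bytes) -> bytes:
    return b"AB" + struct.pack(">H", len(payload)) + payload


def proxy_packet(payload: bytes) -> bytes:
    return b"\x12\x34" + struct.pack(">H", len(payload)) + payload


def send_headers(status: int, msg: str) -> bytes:
    # prefix, 2-byte status, status message, 2-byte header count (none here)
    return container_packet(bytes([SEND_HEADERS]) + struct.pack(">H", status)
                            + ajp_string(msg) + struct.pack(">H", 0))


def end_response(reuse: bool) -> bytes:
    return container_packet(bytes([END_RESPONSE, int(reuse)]))


def cpong() -> bytes:
    return container_packet(bytes([CPONG]))


def cping() -> bytes:
    return proxy_packet(bytes([CPING]))


class ScriptedConnection:
    """Proxy-side view of one AJP connection. `pending` is what the container
    has already written; it answers CPING with CPONG only while still open."""

    def __init__(self, pending: bytes, container_open: bool):
        self.buf = pending
        self.container_open = container_open

    def write(self, pkt: bytes) -> None:
        if pkt[4] == CPING and self.container_open:
            self.buf += cpong()

    def read_packet(self):
        if len(self.buf) < 4:
            return None            # peer closed, nothing more to read
        assert self.buf[:2] == b"AB"
        length = struct.unpack(">H", self.buf[2:4])[0]
        payload, self.buf = self.buf[4:4 + length], self.buf[4 + length:]
        return payload


def buggy_400_response() -> bytes:
    # The flawed behaviour: two responses, reuse=1 on both, then the
    # container closes the socket.
    return (send_headers(400, "Bad Request") + end_response(True)
            + send_headers(400, "Bad Request") + end_response(True))


def fixed_400_response() -> bytes:
    return send_headers(400, "Bad Request") + end_response(False)


def healthy_response() -> bytes:
    return send_headers(200, "OK") + end_response(True)


def read_response(conn) -> bool:
    """Drain one response; return the reuse flag from END_RESPONSE."""
    while True:
        p = conn.read_packet()
        if p is None:
            raise ConnectionError("container closed mid-response")
        if p[0] == END_RESPONSE:
            return bool(p[1])
        # SEND_HEADERS and body chunks are consumed and ignored here


def cping_naive(conn) -> str:
    """Unchecked reply: any packet at all is taken as the CPONG."""
    return "ok" if conn.read_packet() is not None else "closed"


def cping_checked(conn) -> str:
    """Verify the reply really is a CPONG before trusting the connection."""
    reply = conn.read_packet()
    if reply is None:
        return "closed"
    if reply[0] != CPONG:
        return f"protocol_error:prefix={reply[0]}"
    return "ok"


def simulate(response: bytes, container_open: bool, probe) -> str:
    conn = ScriptedConnection(response, container_open)
    if not read_response(conn):
        return "not_reused"          # proxy discards the connection
    conn.write(cping())              # proxy reuses it and probes first
    return probe(conn)
```

With the buggy stream the naive probe returns "ok" because the leftover SEND_HEADERS satisfies its "got a packet" check, while the checked probe returns "protocol_error:prefix=4" and the proxy can drop the connection; the fixed stream never reaches the probe because reuse is false, and a healthy 200 keepalive still passes the checked probe.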

*Credits: N/A
CVSS Scores
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-04-12 CVE Reserved
  • 2022-06-07 CVE Published
  • 2024-04-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • Exploited in Wild: not recorded
  • KEV Due Date: not recorded
  • First Exploit: not recorded
CWE
  • CWE-252: Unchecked Return Value
CAPEC
  • none listed
Affected Vendors, Products, and Versions

Vendor   Product                          Version    Other           Status
Redhat   Openshift Application Runtimes   -          -               Affected
Redhat   Single Sign-on                   7.0        -               Affected
Redhat   Undertow                         < 2.2.17   -               Affected
Redhat   Undertow                         2.2.17     -               Affected
Redhat   Undertow                         2.2.17     sp1             Affected
Redhat   Undertow                         2.2.17     sp2             Affected
Redhat   Undertow                         2.2.19     -               Affected
Redhat   Undertow                         2.2.19     sp1             Affected
Redhat   Undertow                         2.3.0      alpha1          Affected
Netapp   Active Iq Unified Manager        -          linux           Affected
Netapp   Active Iq Unified Manager        -          vmware_vsphere  Affected
Netapp   Active Iq Unified Manager        -          windows         Affected
Netapp   Cloud Secure Agent               -          -               Affected
Netapp   Oncommand Insight                -          -               Affected
Netapp   Oncommand Workflow Automation    -          -               Affected