CVE-2022-1319
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
Se ha encontrado un fallo en Undertow. Para una respuesta AJP 400, EAP 7 envía inapropiadamente el flag de reúso habilitado aunque JBoss EAP cierra la conexión. es producido un fallo cuando la conexión es reusada después de un 400 por CPING ya que lee en el segundo paquete de respuesta SEND_HEADERS en lugar de un CPONG
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-12 CVE Reserved
- 2022-06-07 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-252: Unchecked Return Value
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20221014-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-1319 | 2022-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2073890 | 2022-11-07 | |
| https://issues.redhat.com/browse/UNDERTOW-2060 | 2022-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openshift Application Runtimes Search vendor "Redhat" for product "Openshift Application Runtimes" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Single Sign-on Search vendor "Redhat" for product "Single Sign-on" | 7.0 Search vendor "Redhat" for product "Single Sign-on" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | < 2.2.17 Search vendor "Redhat" for product "Undertow" and version " < 2.2.17" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.2.17 Search vendor "Redhat" for product "Undertow" and version "2.2.17" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.2.17 Search vendor "Redhat" for product "Undertow" and version "2.2.17" | sp1 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.2.17 Search vendor "Redhat" for product "Undertow" and version "2.2.17" | sp2 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.2.19 Search vendor "Redhat" for product "Undertow" and version "2.2.19" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.2.19 Search vendor "Redhat" for product "Undertow" and version "2.2.19" | sp1 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Undertow Search vendor "Redhat" for product "Undertow" | 2.3.0 Search vendor "Redhat" for product "Undertow" and version "2.3.0" | alpha1 |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | linux |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | windows |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Secure Agent Search vendor "Netapp" for product "Cloud Secure Agent" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||