CVE-2022-2048
http2-server: Invalid HTTP/2 requests cause DoS
Summary
- Severity Score: -
- Exploit Likelihood: -
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
In the Eclipse Jetty HTTP/2 server implementation, when an invalid HTTP/2 request is encountered, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.
In the Eclipse Jetty HTTP/2 server implementation, when an invalid HTTP/2 request is encountered, the error handling has a bug that can end up not properly cleaning up the active connections and associated resources. This can lead to a denial of service scenario in which not enough resources remain to process good requests.
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-06-09 CVE Reserved
- 2022-07-07 CVE Published
- 2024-02-26 EPSS Updated
- 2024-08-03 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-410: Insufficient Resource Pool
- CWE-664: Improper Control of a Resource Through its Lifetime
CAPEC
References (7)
URL | Tag | Source
---|---|---
http://www.openwall.com/lists/oss-security/2022/09/09/2 | Mailing List |
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List |
https://security.netapp.com/advisory/ntap-20220901-0006 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://www.debian.org/security/2022/dsa-5198 | 2023-07-24 |
https://access.redhat.com/security/cve/CVE-2022-2048 | 2023-06-19 |
https://bugzilla.redhat.com/show_bug.cgi?id=2116952 | 2023-06-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Eclipse | Jetty | < 9.4.47 | - | Affected
Eclipse | Jetty | >= 10.0.0 < 10.0.9 | - | Affected
Eclipse | Jetty | >= 11.0.0 < 11.0.9 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected
Debian | Debian Linux | 11.0 | - | Affected
Netapp | Element Plug-in For Vcenter Server | - | - | Affected
Netapp | Management Services For Element Software And Netapp Hci | - | - | Affected
Netapp | Snapcenter | - | - | Affected
Netapp | Solidfire & Hci Storage Node | - | - | Affected
Netapp | Hci Compute Node | - | - | Affected
Jenkins | Jenkins | < 2.263 | - | Affected
Jenkins | Jenkins | < 2.361.1 | lts | Affected