Description
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Red Hat | undertow | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| EAP-CD 19 Tech Preview | |||
| undertow | cpe:/a:redhat:jboss_enterprise_application_platform_cd:19 | RHSA-2020:2333 | 2020-05-28T00:00:00Z |
| Red Hat Data Grid 7.3.5 | |||
| undertow | cpe:/a:redhat:jboss_data_grid:7.3 | RHSA-2020:0729 | 2020-03-05T00:00:00Z |
| Red Hat Fuse 7.7.0 | |||
| undertow | cpe:/a:redhat:jboss_fuse:7 | RHSA-2020:3192 | 2020-07-28T00:00:00Z |
| Red Hat JBoss EAP 7.2 | |||
| undertow-core | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | RHSA-2020:0164 | 2020-01-21T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | |||
| eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 | RHSA-2024:5856 | 2024-08-26T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | |||
| eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2020:0159 | 2020-01-21T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 | |||
| eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2020:0160 | 2020-01-21T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 | |||
| eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2020:0161 | 2020-01-21T00:00:00Z |
| Red Hat Runtimes Spring Boot 2.1.13 | |||
| undertow | cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:2367 | 2020-06-04T00:00:00Z |
| Red Hat Single Sign-On 7.3 | |||
| cpe:/a:redhat:jboss_single_sign_on:7.3 | RHSA-2020:0445 | 2020-02-06T00:00:00Z | |
| Text-Only RHOAR | |||
| cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:2067 | 2020-05-18T00:00:00Z | |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5375 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. |
 Github GHSA |
GHSA-vjxc-frw4-jmh5 | Undertow vulnerable to Uncontrolled Resource Consumption |
References
History
Mon, 26 Aug 2024 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat jboss Enterprise Application Platform Eus
|
|
| CPEs | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 | |
| Vendors & Products |
Redhat jboss Enterprise Application Platform Eus
|
Subscriptions
Netapp
Subscribe
Active Iq Unified Manager
Subscribe
Redhat
Subscribe
Jboss Data Grid
Subscribe
Jboss Enterprise Application Platform
Subscribe
Jboss Enterprise Application Platform Cd
Subscribe
Jboss Enterprise Application Platform Eus
Subscribe
Jboss Fuse
Subscribe
Jboss Single Sign On
Subscribe
Openshift Application Runtimes
Subscribe
Single Sign-on
Subscribe
Undertow
Subscribe
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-05T00:26:39.131Z
Reserved: 2019-08-10T00:00:00.000Z
Link: CVE-2019-14888
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-23T17:15:11.767
Modified: 2024-11-21T04:27:36.977
Link: CVE-2019-14888
Redhat
OpenCVE Enrichment
No data.
Weaknesses