A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Netapp
  • Active Iq Unified Manager
Redhat
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Application Platform Cd
  • Jboss Enterprise Application Platform Eus
  • Jboss Fuse
  • Jboss Single Sign On
  • Openshift Application Runtimes
  • Single Sign-on
  • Undertow

Configuration 1 [-]

cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Package CPE Advisory Released Date
EAP-CD 19 Tech Preview
undertow cpe:/a:redhat:jboss_enterprise_application_platform_cd:19 RHSA-2020:2333 2020-05-28T00:00:00Z
Red Hat Data Grid 7.3.5
undertow cpe:/a:redhat:jboss_data_grid:7.3 RHSA-2020:0729 2020-03-05T00:00:00Z
Red Hat Fuse 7.7.0
undertow cpe:/a:redhat:jboss_fuse:7 RHSA-2020:3192 2020-07-28T00:00:00Z
Red Hat JBoss EAP 7.2
undertow cpe:/a:redhat:jboss_enterprise_application_platform:7.2 RHSA-2020:0164 2020-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:5856 2024-08-26T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2020:0159 2020-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2020:0160 2020-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 RHSA-2020:0161 2020-01-21T00:00:00Z
Red Hat Runtimes Spring Boot 2.1.13
undertow cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2020:2367 2020-06-04T00:00:00Z
Red Hat Single Sign-On 7.3
cpe:/a:redhat:jboss_single_sign_on:7.3 RHSA-2020:0445 2020-02-06T00:00:00Z
Text-Only RHOAR
cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2020:2067 2020-05-18T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2020:0729 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-14888 cve-icon
https://security.netapp.com/advisory/ntap-20220211-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-14888 cve-icon
History

Mon, 26 Aug 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-01-23T16:25:11

Updated: 2024-08-05T00:26:39.131Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14888

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-01-23T17:15:11.767

Modified: 2022-04-01T15:45:52.320

Link: CVE-2019-14888

cve-icon Redhat

Severity : Important

Publid Date: 2020-01-20T12:00:00Z

Links: CVE-2019-14888 - Bugzilla