CVE-2021-3859

Summary

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

Affected Software

VendorProductVersion RangeStatus
n/aundertowFixed in 2.2.15.Finalaffected

Weaknesses

  • CWE-214: CWE-214 - Invocation of Process Using Visible Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References