CVE-2022-1319

Summary

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

Affected Software

VendorProductVersion RangeStatus
n/aundertowFixed in 2.3.0.Final, 2.2.18.Final, 2.2.17.SP3, 2.2.17.SP4, 2.3.0.Alpha2affected

Weaknesses

  • CWE-252: CWE-252 - Unchecked Return Value.

ADP Enrichment

CVE Program Container

Additional References

References