redhat single-sign-on CVE-2021-3597 in Red Hat and NetApp Products
Published on May 24, 2022

product logo product logo
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

NVD

Weakness Type

What is a Race Condition Vulnerability?

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CVE-2021-3597 has been classified to as a Race Condition vulnerability or weakness.


Products Associated with CVE-2021-3597

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3597 are published in these products:

Red Hat Single Sign On
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Openshift Application Runtimes
 
Red Hat Fuse
 
Red Hat Undertow
 
NetApp Oncommand Workflow Automation
 
NetApp Oncommand Insight
 
NetApp Active Iq Unified Manager
 

Exploit Probability

EPSS
0.17%
Percentile
37.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.