Undertow HTTP/2 DoS via Invocation Timeout
CVE-2021-3859 Published on August 26, 2022

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP/2. This flaw allows an attacker to carry out denial-of-service attacks.

NVD

Weakness Type

Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system. Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command-line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.



Exploit Probability

EPSS: 0.31%
Percentile: 53.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.