Undertow HTTP/2 Flow Control DoS via Oversized Frames
CVE-2022-1259 Published on August 31, 2022

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2022-1259 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2022-1259

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-1259 are published in these products:

Red Hat Jboss Enterprise Application Platform

Red Hat Single Sign On

Red Hat Openshift Application Runtimes

Red Hat Build Of Quarkus

Red Hat Integration Camel K

Red Hat Undertow

NetApp Oncommand Workflow Automation

NetApp Oncommand Insight

NetApp Active Iq Unified Manager

NetApp Cloud Secure Agent

Exploit Probability

EPSS

0.27%

Percentile

50.28%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Undertow HTTP/2 Flow Control DoS via Oversized FramesCVE-2022-1259 Published on August 31, 2022

Weakness Type

What is a Resource Exhaustion Vulnerability?

Products Associated with CVE-2022-1259

Exploit Probability

Undertow HTTP/2 Flow Control DoS via Oversized Frames
CVE-2022-1259 Published on August 31, 2022