Undertow DoS via EJB INVOKER LAST_CHUNK Wait
CVE-2022-2764 Published on September 1, 2022

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2022-2764 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2022-2764

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-2764 are published in these products:

Red Hat Jboss Enterprise Application Platform

Red Hat Single Sign On

Red Hat Jboss Fuse

Red Hat Integration Camel K

Red Hat Undertow

NetApp Oncommand Workflow Automation

NetApp Oncommand Insight

NetApp Active Iq Unified Manager

NetApp Cloud Secure Agent

Exploit Probability

EPSS

0.13%

Percentile

33.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Undertow DoS via EJB INVOKER LAST_CHUNK WaitCVE-2022-2764 Published on September 1, 2022

Weakness Type

What is a Resource Exhaustion Vulnerability?

Products Associated with CVE-2022-2764

Exploit Probability

Undertow DoS via EJB INVOKER LAST_CHUNK Wait
CVE-2022-2764 Published on September 1, 2022