Description
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
References (3)
Core 3
Core References
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-1259
Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2072339
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221014-0006/
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (12)
netapp/active_iq_unified_manager
(3 CPE variants)
netapp/cloud_secure_agent
netapp/oncommand_insight
netapp/oncommand_workflow_automation
redhat/build_of_quarkus
redhat/integration_camel_k
redhat/jboss_enterprise_application_platform
7.0.0
redhat/openshift_application_runtimes
redhat/single_sign-on
7.0
redhat/undertow
2.2.18
... and 2 more
Published
Aug 31, 2022
Tracked Since
Feb 18, 2026