A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_enterprise_application_platform | Redhat | 7.3 (including) | 7.3 (including) |
Jboss_enterprise_application_platform | Redhat | 7.4 (including) | 7.4 (including) |
Single_sign-on | Redhat | 7.4.10 (including) | 7.4.10 (including) |
Single_sign-on | Redhat | 7.5.1 (including) | 7.5.1 (including) |
Undertow | Redhat | * | 2.2.15 (excluding) |