A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift_application_runtimes | Redhat | - (including) | - (including) |
| Single_sign-on | Redhat | 7.0 (including) | 7.0 (including) |
| Undertow | Redhat | * | 2.2.17 (excluding) |
| Undertow | Redhat | 2.2.17 (including) | 2.2.17 (including) |
| Undertow | Redhat | 2.2.17-sp1 (including) | 2.2.17-sp1 (including) |
| Undertow | Redhat | 2.2.17-sp2 (including) | 2.2.17-sp2 (including) |
| Undertow | Redhat | 2.2.19 (including) | 2.2.19 (including) |
| Undertow | Redhat | 2.2.19-sp1 (including) | 2.2.19-sp1 (including) |
| Undertow | Redhat | 2.3.0-alpha1 (including) | 2.3.0-alpha1 (including) |
| Red Hat Fuse 7.11 | RedHat | undertow | * |
| Red Hat JBoss Enterprise Application Platform 7 | RedHat | undertow | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap | * |
| Red Hat Single Sign-On 7.6.1 | RedHat | * | |
| Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-0:1-5.el9sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-javapackages-tools-0:6.0.0-7.el9sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso | * |
| Text-Only RHOAR | RedHat | undertow | * |
| Undertow | Ubuntu | bionic | * |
| Undertow | Ubuntu | esm-apps/jammy | * |
| Undertow | Ubuntu | impish | * |
| Undertow | Ubuntu | jammy | * |
| Undertow | Ubuntu | kinetic | * |
| Undertow | Ubuntu | upstream | * |