Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-1319

Unchecked Return Value

Published: Aug 31, 2022 | Modified: Nov 07, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-1319
CWEhttps://cwe.mitre.org/data/definitions/252.html

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name Vendor Start Version End Version
Openshift_application_runtimes Redhat - (including) - (including)
Single_sign-on Redhat 7.0 (including) 7.0 (including)
Undertow Redhat * 2.2.17 (excluding)
Undertow Redhat 2.2.17 (including) 2.2.17 (including)
Undertow Redhat 2.2.17-sp1 (including) 2.2.17-sp1 (including)
Undertow Redhat 2.2.17-sp2 (including) 2.2.17-sp2 (including)
Undertow Redhat 2.2.19 (including) 2.2.19 (including)
Undertow Redhat 2.2.19-sp1 (including) 2.2.19-sp1 (including)
Undertow Redhat 2.3.0-alpha1 (including) 2.3.0-alpha1 (including)
Red Hat Fuse 7.11 RedHat undertow *
Red Hat JBoss Enterprise Application Platform 7 RedHat undertow *
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 RedHat eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 RedHat eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap *
Red Hat Single Sign-On 7.6.1 RedHat *
Red Hat Single Sign-On 7.6 for RHEL 7 RedHat rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso *
Red Hat Single Sign-On 7.6 for RHEL 8 RedHat rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso *
Red Hat Single Sign-On 7.6 for RHEL 9 RedHat rh-sso7-0:1-5.el9sso *
Red Hat Single Sign-On 7.6 for RHEL 9 RedHat rh-sso7-javapackages-tools-0:6.0.0-7.el9sso *
Red Hat Single Sign-On 7.6 for RHEL 9 RedHat rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso *
Text-Only RHOAR RedHat undertow *
Undertow Ubuntu bionic *
Undertow Ubuntu esm-apps/jammy *
Undertow Ubuntu impish *
Undertow Ubuntu jammy *
Undertow Ubuntu kinetic *
Undertow Ubuntu upstream *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use