A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
Weakness
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift_application_runtimes | Redhat | - (including) | - (including) |
| Single_sign-on | Redhat | 7.0 (including) | 7.0 (including) |
| Undertow | Redhat | * | 2.2.17 (excluding) |
| Undertow | Redhat | 2.2.17 (including) | 2.2.17 (including) |
| Undertow | Redhat | 2.2.17-sp1 (including) | 2.2.17-sp1 (including) |
| Undertow | Redhat | 2.2.17-sp2 (including) | 2.2.17-sp2 (including) |
| Undertow | Redhat | 2.2.19 (including) | 2.2.19 (including) |
| Undertow | Redhat | 2.2.19-sp1 (including) | 2.2.19-sp1 (including) |
| Undertow | Redhat | 2.3.0-alpha1 (including) | 2.3.0-alpha1 (including) |
| Red Hat Fuse 7.11 | RedHat | undertow | * |
| Red Hat JBoss Enterprise Application Platform 7 | RedHat | undertow | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7 | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap | * |
| Red Hat Single Sign-On 7.6.1 | RedHat | * | |
| Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-0:1-5.el9sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-javapackages-tools-0:6.0.0-7.el9sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso | * |
| Text-Only RHOAR | RedHat | undertow | * |
| Undertow | Ubuntu | bionic | * |
| Undertow | Ubuntu | esm-apps/jammy | * |
| Undertow | Ubuntu | focal | * |
| Undertow | Ubuntu | impish | * |
| Undertow | Ubuntu | jammy | * |
| Undertow | Ubuntu | kinetic | * |
| Undertow | Ubuntu | upstream | * |
Potential Mitigations
References
- https://access.redhat.com/security/cve/CVE-2022-1319
- https://bugzilla.redhat.com/show_bug.cgi?id=2073890
- https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
- https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
- https://issues.redhat.com/browse/UNDERTOW-2060
- https://security.netapp.com/advisory/ntap-20221014-0006/
- https://access.redhat.com/security/cve/CVE-2022-1319
- https://bugzilla.redhat.com/show_bug.cgi?id=2073890
- https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
- https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
- https://issues.redhat.com/browse/UNDERTOW-2060
- https://security.netapp.com/advisory/ntap-20221014-0006/