A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openshift_application_runtimes | Redhat | - (including) | - (including) |
Single_sign-on | Redhat | 7.0 (including) | 7.0 (including) |
Undertow | Redhat | * | 2.2.17 (excluding) |
Undertow | Redhat | 2.2.17 (including) | 2.2.17 (including) |
Undertow | Redhat | 2.2.17-sp1 (including) | 2.2.17-sp1 (including) |
Undertow | Redhat | 2.2.17-sp2 (including) | 2.2.17-sp2 (including) |
Undertow | Redhat | 2.2.19 (including) | 2.2.19 (including) |
Undertow | Redhat | 2.2.19-sp1 (including) | 2.2.19-sp1 (including) |
Undertow | Redhat | 2.3.0-alpha1 (including) | 2.3.0-alpha1 (including) |