Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-2048

Published: Jul 07, 2022 | Modified: Jul 24, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-2048
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

Affected Software

Name Vendor Start Version End Version
Jetty Eclipse * 9.4.47 (excluding)
Jetty Eclipse 10.0.0 (including) 10.0.9 (excluding)
Jetty Eclipse 11.0.0 (including) 11.0.9 (excluding)
OpenShift Developer Tools and Services for OCP 4.11 RedHat jenkins-0:2.401.1.1686831596-3.el8 *
Red Hat AMQ Streams 2.3.0 RedHat http2-server *
Red Hat Fuse 7.11.1 RedHat http2-server *
Red Hat OpenShift Container Platform 4.8 RedHat jenkins-0:2.361.1.1672840472-1.el8 *
Red Hat OpenShift Container Platform 4.9 RedHat jenkins-0:2.361.1.1675668150-1.el8 *
Jetty Ubuntu trusty *
Jetty Ubuntu xenial *
Jetty8 Ubuntu trusty *
Jetty8 Ubuntu xenial *
Jetty9 Ubuntu bionic *
Jetty9 Ubuntu impish *
Jetty9 Ubuntu kinetic *
Jetty9 Ubuntu upstream *
Jetty9 Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use