CVE-2022-1259 - Vulnerability Details

CVE-2022-1259 - undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Active Iq Unified Manager Cloud Secure Agent Oncommand Insight Oncommand Workflow Automation
Redhat	Build Of Quarkus Integration Camel K Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Fuse Openshift Application Runtimes Single Sign-on Undertow

Configuration 1 [-]

OR	cpe:2.3:a:redhat:build_of_quarkus:-:::::::*
	cpe:2.3:a:redhat:integration_camel_k:-:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
	cpe:2.3:a:redhat:openshift_application_runtimes:-:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:undertow::::::::
	cpe:2.3:a:redhat:undertow:2.2.18:::::::*
	cpe:2.3:a:redhat:undertow:2.2.19:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Fuse 7.11
undertow	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:5532	2022-07-07T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
undertow	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:6825	2022-10-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-undertow-0:2.2.19-1.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:6822	2022-10-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-undertow-0:2.2.19-1.SP2_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2022:6823	2022-10-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-undertow-0:2.2.19-1.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:6821	2022-10-05T00:00:00Z
Text-Only RHOAR
undertow	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2022:8761	2022-12-14T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-1259
https://bugzilla.redhat.com/show_bug.cgi?id=2072339
https://nvd.nist.gov/vuln/detail/CVE-2022-1259
https://security.netapp.com/advisory/ntap-20221014-0006/
https://www.cve.org/CVERecord?id=CVE-2022-1259

History

Wed, 25 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-31T00:00:00

Updated: 2024-08-02T23:55:24.711Z

Reserved: 2022-04-06T00:00:00

Link: CVE-2022-1259

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-31T16:15:09.230

Modified: 2024-11-21T06:40:21.637

Link: CVE-2022-1259

Redhat

Severity : Moderate

Publid Date: 2022-04-06T00:00:00Z

Links: CVE-2022-1259 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1259", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:55:24.711Z", "dateReserved": "2022-04-06T00:00:00", "datePublished": "2022-08-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629."}], "affected": [{"vendor": "n/a", "product": "undertow", "versions": [{"version": "Fixed in 2.3.0.Final, 2.2.17.SP1, 2.2.20.Final, 2.2.19.SP1.", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-1259"}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0006/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400 - Uncontrolled Resource Consumption.", "cweId": "CWE-400"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.711Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-1259", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0006/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", "matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "matchCriteriaId": "41DB9F22-47FB-4D66-9EA0-10BAFE1D9EE5", "versionEndIncluding": "2.2.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:undertow:2.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "69DCCF80-32AD-4E27-871D-0FE5DF57CEF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:undertow:2.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "F5E73C11-3855-4A12-90A9-3AB29235BB57", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629."}, {"lang": "es", "value": "Se ha encontrado un fallo en Undertow. Un posible problema de seguridad en la administraci\u00f3n del control de flujo por parte del navegador sobre HTTP/2 puede causar una sobrecarga o una denegaci\u00f3n de servicio en el servidor. Este fallo se presenta debido a una correcci\u00f3n incompleta de CVE-2021-3629"}], "id": "CVE-2022-1259", "lastModified": "2024-11-21T06:40:21.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-31T16:15:09.230", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-1259"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221014-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-1259"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221014-0006/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5532", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "undertow", "product_name": "Red Hat Fuse 7.11", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:6825", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2022-10-05T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2022:6822", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-undertow-0:2.2.19-1.SP2_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-10-05T00:00:00Z"}, {"advisory": "RHSA-2022:6823", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-undertow-0:2.2.19-1.SP2_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2022-10-05T00:00:00Z"}, {"advisory": "RHSA-2022:6821", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-undertow-0:2.2.19-1.SP2_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-10-05T00:00:00Z"}, {"advisory": "RHSA-2022:8761", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "undertow", "product_name": "Text-Only RHOAR", "release_date": "2022-12-14T00:00:00Z"}], "bugzilla": {"description": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)", "id": "2072339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400->CWE-770", "details": ["A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.", "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server."], "name": "CVE-2022-1259", "package_state": [{"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "undertow", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Fix deferred", "impact": "low", "package_name": "undertow", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "undertow", "product_name": "Red Hat Integration Service Registry"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2022-04-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1259\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1259"], "statement": "This flaw occurs because of an incomplete fix for CVE-2021-3629.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object