Description
A flaw was found in Undertow. For an AJP 400 response, EAP 7 improperly sends two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400, because the CPING sent on the reused connection reads the second SEND_HEADERS response packet instead of a CPONG.
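The desynchronisation described above can be checked for in a recorded backend byte stream. The following is an added example, not code from Undertow or JBoss EAP: it parses AJP13 container-to-server packets and reports what a CPING would read after the first response. The helper names and both sample streams are constructed for illustration.

```python
import struct

# AJP13 container-to-server prefix codes.
SEND_HEADERS, END_RESPONSE, CPONG = 4, 5, 9
NAMES = {3: "SEND_BODY_CHUNK", 4: "SEND_HEADERS", 5: "END_RESPONSE", 9: "CPONG"}

def frame(payload):
    """Wrap a payload in the container-to-server framing: 'AB' + 16-bit length."""
    return b"AB" + struct.pack(">H", len(payload)) + payload

def send_headers(status, msg):
    m = msg.encode()
    return frame(bytes([SEND_HEADERS]) + struct.pack(">HH", status, len(m))
                 + m + b"\x00" + struct.pack(">H", 0))  # zero response headers

def end_response(reuse):
    return frame(bytes([END_RESPONSE, int(reuse)]))

def packets(stream):
    """Yield (prefix_code, body) for each packet in a backend byte stream."""
    pos = 0
    while pos < len(stream):
        if stream[pos:pos + 2] != b"AB" or len(stream) - pos < 5:
            raise ValueError(f"bad AJP frame at offset {pos}")
        (length,) = struct.unpack_from(">H", stream, pos + 2)
        payload = stream[pos + 4:pos + 4 + length]
        if length == 0 or len(payload) != length:
            raise ValueError(f"truncated AJP packet at offset {pos}")
        yield payload[0], payload[1:]
        pos += 4 + length

def check_connection(stream):
    """Read one response as a front end would, then see what a CPING would read."""
    it, status, reuse = packets(stream), None, None
    for code, body in it:
        if code == SEND_HEADERS:
            (status,) = struct.unpack_from(">H", body, 0)
        elif code == END_RESPONSE:
            reuse = body[:1] == b"\x01"  # reuse flag follows the prefix code
            break
    if reuse is None:
        raise ValueError("stream ended before END_RESPONSE")
    nxt = next(it, None)  # first packet waiting on the pooled connection
    reply = NAMES.get(nxt[0], f"code {nxt[0]}") if nxt else None
    return {"status": status, "reuse": reuse, "cping_reads": reply,
            "desync": reuse and reply not in (None, "CPONG")}

# Constructed sample streams (not captured traffic).
BUGGY = (send_headers(400, "Bad Request") + end_response(True)) * 2
HEALTHY = send_headers(200, "OK") + end_response(True) + frame(bytes([CPONG]))
```

`check_connection(BUGGY)` reports `desync` as true because the packet left on the connection is the second SEND_HEADERS, while `HEALTHY` shows the expected CPONG.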