Description

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1803241

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2019-10327 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

CVE-2023-50774 Vulnerability in maven package org.jenkins-ci.plugins:htmlresource

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14

CVE-2013-2165 Vulnerability in maven package org.richfaces.framework:richfaces-impl

CVE-2021-25943 Vulnerability in npm package 101

Severity

High

Classification

CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Vendor Advisory Third Party Advisory