Unchecked Return Value in io.undertow:undertow-core

CVE-2022-1319

io.undertow:undertow-core
io.undertow:undertow-dist
io.undertow:undertow-parent

High

7.5/10

Summary

A flaw was found in Undertow versions through 2.2.17.Final and 2.3.0.Alpha1. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by "CPING" since it reads in the second "SEND_HEADERS" response packet instead of a "CPONG".

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-252 - Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References

Advisory
Pull request
Issue

Advisory Timeline

Published Aug 31, 2022

Unchecked Return Value in io.undertow:undertow-core

CVE-2022-1319

Summary

CWE-252 - Unchecked Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS