CVE-2019-14888

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Undertow
Vendor: CVE Published:; 23 January 2020

Summary

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Affected Version(s)

undertow All versions before 2.0.28.SP1

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2020:0729

vendor-advisoryx_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20220211-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2020
Vulnerability Reserved
Aug 10, 2019

Collectors

NVD DatabaseMitre Database