Vulnerability details: VCID-mj17-qddr-aaaa
Vulnerability ID VCID-mj17-qddr-aaaa
Aliases CVE-2021-3859
GHSA-339q-62wm-c39w
GMS-2022-2963
Summary A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:0400
rhas Important https://access.redhat.com/errata/RHSA-2022:0401
rhas Important https://access.redhat.com/errata/RHSA-2022:0404
rhas Important https://access.redhat.com/errata/RHSA-2022:0405
rhas Important https://access.redhat.com/errata/RHSA-2022:0406
rhas Important https://access.redhat.com/errata/RHSA-2022:0407
rhas Important https://access.redhat.com/errata/RHSA-2022:0408
rhas Important https://access.redhat.com/errata/RHSA-2022:0415
rhas Important https://access.redhat.com/errata/RHSA-2022:0447
rhas Important https://access.redhat.com/errata/RHSA-2022:0448
rhas Important https://access.redhat.com/errata/RHSA-2022:1179
rhas Important https://access.redhat.com/errata/RHSA-2022:5532
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
epss 0.00336 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
epss 0.00590 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
epss 0.00597 https://api.first.org/data/v1/epss?cve=CVE-2021-3859
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2010378
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2010378
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-339q-62wm-c39w
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-339q-62wm-c39w
cvssv3.1 7.5 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
generic_textual HIGH https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
generic_textual HIGH https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
cvssv3.1 7.5 https://github.com/undertow-io/undertow/pull/1296
generic_textual HIGH https://github.com/undertow-io/undertow/pull/1296
cvssv3.1 7.5 https://issues.redhat.com/browse/UNDERTOW-1979
generic_textual HIGH https://issues.redhat.com/browse/UNDERTOW-1979
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3859
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3859
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20221201-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20221201-0004
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json
https://access.redhat.com/security/cve/CVE-2021-3859
https://api.first.org/data/v1/epss?cve=CVE-2021-3859
https://bugzilla.redhat.com/show_bug.cgi?id=2010378
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
https://github.com/undertow-io/undertow/pull/1296
https://issues.redhat.com/browse/UNDERTOW-1979
https://security.netapp.com/advisory/ntap-20221201-0004
https://security.netapp.com/advisory/ntap-20221201-0004/
1015983 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
CVE-2021-3859 https://access.redhat.com/security/cve/cve-2021-3859
CVE-2021-3859 https://nvd.nist.gov/vuln/detail/CVE-2021-3859
GHSA-339q-62wm-c39w https://github.com/advisories/GHSA-339q-62wm-c39w
RHSA-2022:0400 https://access.redhat.com/errata/RHSA-2022:0400
RHSA-2022:0401 https://access.redhat.com/errata/RHSA-2022:0401
RHSA-2022:0404 https://access.redhat.com/errata/RHSA-2022:0404
RHSA-2022:0405 https://access.redhat.com/errata/RHSA-2022:0405
RHSA-2022:0406 https://access.redhat.com/errata/RHSA-2022:0406
RHSA-2022:0407 https://access.redhat.com/errata/RHSA-2022:0407
RHSA-2022:0408 https://access.redhat.com/errata/RHSA-2022:0408
RHSA-2022:0409 https://access.redhat.com/errata/RHSA-2022:0409
RHSA-2022:0410 https://access.redhat.com/errata/RHSA-2022:0410
RHSA-2022:0415 https://access.redhat.com/errata/RHSA-2022:0415
RHSA-2022:0447 https://access.redhat.com/errata/RHSA-2022:0447
RHSA-2022:0448 https://access.redhat.com/errata/RHSA-2022:0448
RHSA-2022:1179 https://access.redhat.com/errata/RHSA-2022:1179
RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532
RHSA-2024:10207 https://access.redhat.com/errata/RHSA-2024:10207
RHSA-2025:4226 https://access.redhat.com/errata/RHSA-2025:4226
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2010378
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/1296
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.redhat.com/browse/UNDERTOW-1979
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3859
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20221201-0004
Exploit Prediction Scoring System (EPSS)
Percentile 0.35138
EPSS Score 0.00171
Published At March 28, 2025, 12:55 p.m.