Vulnerability details: VCID-tw4d-xnwu-aaah
Vulnerability ID VCID-tw4d-xnwu-aaah
Aliases CVE-2022-1319
Summary A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:4918
rhas Moderate https://access.redhat.com/errata/RHSA-2022:4919
rhas Moderate https://access.redhat.com/errata/RHSA-2022:4922
rhas Important https://access.redhat.com/errata/RHSA-2022:5532
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2022-1319
epss 0.00192 https://api.first.org/data/v1/epss?cve=CVE-2022-1319
epss 0.002 https://api.first.org/data/v1/epss?cve=CVE-2022-1319
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-1319
epss 0.00335 https://api.first.org/data/v1/epss?cve=CVE-2022-1319
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2022-1319
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1319
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1319
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
https://access.redhat.com/security/cve/CVE-2022-1319
https://api.first.org/data/v1/epss?cve=CVE-2022-1319
https://bugzilla.redhat.com/show_bug.cgi?id=2073890
https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
https://issues.redhat.com/browse/UNDERTOW-2060
https://security.netapp.com/advisory/ntap-20221014-0006/
1016448 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.2.17:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.2.17:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.17:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.2.17:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.2.19:-:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.19:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.2.19:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.3.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.3.0:alpha1:*:*:*:*:*:*
CVE-2022-1319 https://nvd.nist.gov/vuln/detail/CVE-2022-1319
RHSA-2022:4918 https://access.redhat.com/errata/RHSA-2022:4918
RHSA-2022:4919 https://access.redhat.com/errata/RHSA-2022:4919
RHSA-2022:4922 https://access.redhat.com/errata/RHSA-2022:4922
RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532
RHSA-2022:7409 https://access.redhat.com/errata/RHSA-2022:7409
RHSA-2022:7410 https://access.redhat.com/errata/RHSA-2022:7410
RHSA-2022:7411 https://access.redhat.com/errata/RHSA-2022:7411
RHSA-2022:7417 https://access.redhat.com/errata/RHSA-2022:7417
RHSA-2022:8761 https://access.redhat.com/errata/RHSA-2022:8761
RHSA-2025:4226 https://access.redhat.com/errata/RHSA-2025:4226
RHSA-2025:9583 https://access.redhat.com/errata/RHSA-2025:9583
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1319
Exploit Prediction Scoring System (EPSS)
Percentile 0.37516
EPSS Score 0.00187
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.