CVE-2019-14888

Description

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Red Hat / undertowAll versions before 2.0.28.SP1 – All versions before 2.0.28.SP1

References

MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0729
MISChttps://security.netapp.com/advisory/ntap-20220211-0001/