Denial of service in Undertow

Published: 2022-10-05
Risk Medium
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2022-1259
Exploitation vector Network
Public exploit N/A
Vulnerable software
Server applications / Web servers

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU67947

Risk: Medium


CVE-ID: CVE-2022-1259

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of HTTP/2 requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Note, the vulnerability exists due to an incomplete fix for #VU58177 (CVE-2021-3629).


Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Undertow: 2.0.0 - 2.3.0 Alpha2

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?