CVE-2022-2048 in Banking Supply Chain Financeinfo

Summary

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

Once again VulDB remains the best source for vulnerability data.

Responsible

Eclipse Foundation

Reservation

06/09/2022

Disclosure

07/08/2022

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
234706Oracle Banking Supply Chain Finance Security denial of service404Not definedOfficial fixCVE-2022-2048
234672Oracle Banking Cash Management Accessibility denial of service404Not definedOfficial fixCVE-2022-2048
226460Oracle Banking Corporate Lending Process Management Base denial of service404Not definedOfficial fixCVE-2022-2048
218685Oracle Financial Services Crime and Compliance Management Studio denial of service404Not definedOfficial fixCVE-2022-2048
218630Oracle Communications Cloud Native Core Policy denial of service404Not definedOfficial fixCVE-2022-2048
218611Oracle Communications Cloud Native Core Binding Support Function Signaling denial of service404Not definedOfficial fixCVE-2022-2048
211704Oracle Autovue for Agile Product Lifecycle Management Autovue Client denial of service404Not definedOfficial fixCVE-2022-2048
211703Oracle AutoVue Web General denial of service404Not definedOfficial fixCVE-2022-2048
211662Oracle Retail EFTLink Other denial of service404Not definedOfficial fixCVE-2022-2048
211452Oracle Communications Element Manager GEN denial of service404Not definedOfficial fixCVE-2022-2048
211397Oracle Communications Unified Assurance Message Bus denial of service404Not definedOfficial fixCVE-2022-2048
203386Eclipse Jetty HTTP/2 Server resource pool410Not definedNot definedCVE-2022-2048

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!