Mitigation: Enable HTTP2 (enable-http2="true") in Undertow's HTTPS settings.
Acknowledgments: Name: Henning Baldersheim (Verizon Media), Håvard Pettersen (Verizon Media)
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0164
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 Via RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0159
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 Via RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0161
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 Via RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0160
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14888
This issue has been addressed in the following products: Red Hat Data Grid 7.3.5 Via RHSA-2020:0729 https://access.redhat.com/errata/RHSA-2020:0729
Rating Fuse 6 as low because camel-undertow uses a version of undertow in the affected range; however, it does not have the original flaw's impact because the camel-undertow component does not allow the use of the undertow `SSLEngine` implementation (the vulnerable component within undertow); SSL/TLS is provided by Camel itself.
This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067
This issue has been addressed in the following products: EAP-CD 19 Tech Preview Via RHSA-2020:2333 https://access.redhat.com/errata/RHSA-2020:2333
This issue has been addressed in the following products: Red Hat Runtimes Spring Boot 2.1.13 Via RHSA-2020:2367 https://access.redhat.com/errata/RHSA-2020:2367
This issue has been addressed in the following products: Red Hat Fuse 7.7.0 Via RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192