A flaw was found in Undertow where a potential security issue in flow control handling by browser over HTTP/2 may potentially cause overhead or DOS in the server. The highest impact of this vulnerability is availability.
This issue has been addressed in the following products: EAP 7.4.2 release Via RHSA-2021:4679 https://access.redhat.com/errata/RHSA-2021:4679
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2021:4676 https://access.redhat.com/errata/RHSA-2021:4676
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2021:4677 https://access.redhat.com/errata/RHSA-2021:4677
This issue has been addressed in the following products: Red Hat Integration Via RHSA-2021:4767 https://access.redhat.com/errata/RHSA-2021:4767
This issue has been addressed in the following products: Red Hat Fuse 7.10 Via RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 Via RHSA-2021:5150 https://access.redhat.com/errata/RHSA-2021:5150
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 Via RHSA-2021:5151 https://access.redhat.com/errata/RHSA-2021:5151
This issue has been addressed in the following products: EAP 7.3.10 GA Via RHSA-2021:5154 https://access.redhat.com/errata/RHSA-2021:5154
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 Via RHSA-2021:5149 https://access.redhat.com/errata/RHSA-2021:5149
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.10 Via RHSA-2021:5170 https://access.redhat.com/errata/RHSA-2021:5170
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3629
This issue has been addressed in the following products: Red Hat EAP-XP 2 via EAP 7.3.x base Via RHSA-2022:0146 https://access.redhat.com/errata/RHSA-2022:0146
This issue has been addressed in the following products: Red Hat Support for Spring Boot 2.5.10 Via RHSA-2022:1179 https://access.redhat.com/errata/RHSA-2022:1179
This issue has been addressed in the following products: Red Hat Fuse 7.11 Via RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532
This issue has been addressed in the following products: RHAF Camel-K 1.8 Via RHSA-2022:6407 https://access.redhat.com/errata/RHSA-2022:6407