Bug 2133769 (CVE-2022-21628) - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)
Summary: CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTT...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-21628
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2133701 2133703 2133704 2133705 2133706 2133707 2133708 2133709 2133710 2133711 2133712 2133713 2133714 2133715 2133716 2133717 2133718 2133719 2133720 2133721 2133722 2133723 2133724 2133725 2133726 2133727 2133728 2133729 2133730 2134564 2142628 2142629 2144796 2144907
Blocks: 2133694
TreeView+ depends on / blocked
 
Reported: 2022-10-11 10:39 UTC by Mauro Matteo Cascella
Modified: 2023-08-07 09:26 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-14 07:30:38 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6999 0 None None None 2022-10-20 08:06:01 UTC
Red Hat Product Errata RHSA-2022:7000 0 None None None 2022-10-19 22:38:09 UTC
Red Hat Product Errata RHSA-2022:7001 0 None None None 2022-10-19 22:26:08 UTC
Red Hat Product Errata RHSA-2022:7002 0 None None None 2022-10-19 22:10:23 UTC
Red Hat Product Errata RHSA-2022:7003 0 None None None 2022-10-19 21:30:38 UTC
Red Hat Product Errata RHSA-2022:7004 0 None None None 2022-10-19 21:18:41 UTC
Red Hat Product Errata RHSA-2022:7005 0 None None None 2022-10-19 22:12:55 UTC
Red Hat Product Errata RHSA-2022:7006 0 None None None 2022-10-19 22:18:56 UTC
Red Hat Product Errata RHSA-2022:7007 0 None None None 2022-10-20 08:02:16 UTC
Red Hat Product Errata RHSA-2022:7008 0 None None None 2022-10-19 22:30:36 UTC
Red Hat Product Errata RHSA-2022:7009 0 None None None 2022-10-19 21:12:51 UTC
Red Hat Product Errata RHSA-2022:7010 0 None None None 2022-10-19 22:28:28 UTC
Red Hat Product Errata RHSA-2022:7011 0 None None None 2022-10-19 22:25:44 UTC
Red Hat Product Errata RHSA-2022:7012 0 None None None 2022-10-19 22:35:00 UTC
Red Hat Product Errata RHSA-2022:7013 0 None None None 2022-10-20 08:04:48 UTC
Red Hat Product Errata RHSA-2022:7049 0 None None None 2022-10-20 10:10:28 UTC
Red Hat Product Errata RHSA-2022:7050 0 None None None 2022-10-20 10:11:08 UTC
Red Hat Product Errata RHSA-2022:7051 0 None None None 2022-10-20 10:26:21 UTC
Red Hat Product Errata RHSA-2022:7052 0 None None None 2022-10-20 10:19:02 UTC
Red Hat Product Errata RHSA-2022:7053 0 None None None 2022-10-20 10:28:06 UTC
Red Hat Product Errata RHSA-2022:7054 0 None None None 2022-10-20 10:20:19 UTC
Red Hat Product Errata RHSA-2022:8880 0 None None None 2022-12-07 10:45:17 UTC
Red Hat Product Errata RHSA-2023:0128 0 None None None 2023-01-12 08:33:41 UTC

Description Mauro Matteo Cascella 2022-10-11 10:39:27 UTC
It was discovered that the Lightweight HTTP Server component of OpenJDK did not limit the number of connections accepted from HTTP clients. This could result in resource exhaustion if multiple instances of a malicious applications were started at the same time, possibly preventing other applications on the system from being able to communicate over the network.

Comment 18 errata-xmlrpc 2022-10-19 21:12:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:7009 https://access.redhat.com/errata/RHSA-2022:7009

Comment 19 errata-xmlrpc 2022-10-19 21:18:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:7004 https://access.redhat.com/errata/RHSA-2022:7004

Comment 20 errata-xmlrpc 2022-10-19 21:30:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:7003 https://access.redhat.com/errata/RHSA-2022:7003

Comment 21 errata-xmlrpc 2022-10-19 22:10:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7002 https://access.redhat.com/errata/RHSA-2022:7002

Comment 22 errata-xmlrpc 2022-10-19 22:12:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:7005 https://access.redhat.com/errata/RHSA-2022:7005

Comment 23 errata-xmlrpc 2022-10-19 22:18:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7006 https://access.redhat.com/errata/RHSA-2022:7006

Comment 24 errata-xmlrpc 2022-10-19 22:25:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:7011 https://access.redhat.com/errata/RHSA-2022:7011

Comment 25 errata-xmlrpc 2022-10-19 22:26:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:7001 https://access.redhat.com/errata/RHSA-2022:7001

Comment 26 errata-xmlrpc 2022-10-19 22:28:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:7010 https://access.redhat.com/errata/RHSA-2022:7010

Comment 27 errata-xmlrpc 2022-10-19 22:30:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7008 https://access.redhat.com/errata/RHSA-2022:7008

Comment 28 errata-xmlrpc 2022-10-19 22:34:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7012 https://access.redhat.com/errata/RHSA-2022:7012

Comment 29 errata-xmlrpc 2022-10-19 22:38:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7000 https://access.redhat.com/errata/RHSA-2022:7000

Comment 30 errata-xmlrpc 2022-10-20 08:02:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7007 https://access.redhat.com/errata/RHSA-2022:7007

Comment 31 errata-xmlrpc 2022-10-20 08:04:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7013 https://access.redhat.com/errata/RHSA-2022:7013

Comment 32 errata-xmlrpc 2022-10-20 08:05:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6999 https://access.redhat.com/errata/RHSA-2022:6999

Comment 33 errata-xmlrpc 2022-10-20 10:10:25 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u352

Via RHSA-2022:7049 https://access.redhat.com/errata/RHSA-2022:7049

Comment 34 errata-xmlrpc 2022-10-20 10:11:04 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u352

Via RHSA-2022:7050 https://access.redhat.com/errata/RHSA-2022:7050

Comment 35 errata-xmlrpc 2022-10-20 10:19:00 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.17

Via RHSA-2022:7052 https://access.redhat.com/errata/RHSA-2022:7052

Comment 36 errata-xmlrpc 2022-10-20 10:20:16 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.17

Via RHSA-2022:7054 https://access.redhat.com/errata/RHSA-2022:7054

Comment 37 errata-xmlrpc 2022-10-20 10:26:18 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.5

Via RHSA-2022:7051 https://access.redhat.com/errata/RHSA-2022:7051

Comment 38 errata-xmlrpc 2022-10-20 10:28:03 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.5

Via RHSA-2022:7053 https://access.redhat.com/errata/RHSA-2022:7053

Comment 42 errata-xmlrpc 2022-12-07 10:45:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2022:8880 https://access.redhat.com/errata/RHSA-2022:8880

Comment 43 errata-xmlrpc 2023-01-12 08:33:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0128 https://access.redhat.com/errata/RHSA-2023:0128

Comment 44 Product Security DevOps Team 2023-01-14 07:30:36 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-21628


Note You need to log in before you can comment on or make changes to this bug.