Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2022-2932 Vulnerability in npm package mobiledoc-dom-renderer

CVE-2022-28158 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest

CVE-2017-11341 Vulnerability in npm package node-sass

CVE-2021-27807 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2022-25894 Vulnerability in maven package com.bstek.uflo:uflo-core

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory