Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2022-4521 Vulnerability in maven package org.wso2.carbon.registry:org.wso2.carbon.registry.profiles.ui

CVE-2022-42126 Vulnerability in maven package com.liferay:com.liferay.depot.service

CVE-2022-36084 Vulnerability in npm package cruddl

CVE-2021-20190 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-25179 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-multibranch

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory