Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2022-36045 Vulnerability in npm package nodebb

CVE-2022-28730 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2018-14041 Vulnerability in maven package org.webjars:bootstrap

CVE-2020-2271 Vulnerability in maven package org.jenkins-ci.plugins:locked-files-report

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory