Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2022-23059 Vulnerability in maven package com.shopizer:sm-shop-model

CVE-2021-44521 Vulnerability in maven package org.apache.cassandra:cassandra-all

CVE-2021-41246 Vulnerability in npm package express-openid-connect

CVE-2023-42794 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-31129 Vulnerability in maven package org.webjars:momentjs

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory