Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-security-utils

CVE-2021-25864 Vulnerability in npm package node-red-contrib-huemagic

CVE-2023-27563 Vulnerability in npm package n8n

CVE-2017-7559 Vulnerability in maven package io.undertow:undertow-core

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory