WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)

Description

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

Remediation

References

Related Vulnerabilities

MySQL CVE-2018-2773 Vulnerability (CVE-2018-2773)

WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.5)

WordPress Plugin Adblock Blocker Arbitrary File Upload (0.0.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9475)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5268)

Severity

Medium

Classification

CVE-2020-10687 CWE-444 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities