Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2023-49448 Vulnerability in maven package com.jfinal:jfinal

CVE-2022-35949 Vulnerability in npm package undici

CVE-2018-1000614 Vulnerability in maven package org.onosproject:onos-netconf-provider-alarm

CVE-2022-36895 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-utilities

CVE-2021-31404 Vulnerability in maven package com.vaadin:flow-server

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory