Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2020-7011 Vulnerability in npm package @elastic/app-search-javascript

CVE-2021-43571 Vulnerability in npm package starkbank-ecdsa

CVE-2022-29577 Vulnerability in maven package org.owasp.antisamy:antisamy

CVE-2021-39168 Vulnerability in npm package @openzeppelin/contracts-upgradeable

CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.10

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory