Description

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

Remediation

References

CVE-2020-10687

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

MySQL CVE-2018-2766 Vulnerability (CVE-2018-2766)

RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-0899)

WordPress Plugin Management App for WooCommerce-Order notifications, Order management, Lead management, Uptime Monitoring Arbitrary File Upload (1.2.2)

WordPress Plugin Social Login by BestWebSoft Cross-Site Scripting (0.1)

Severity

Medium

Classification

CVE-2020-10687 CWE-444 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities