PT-2020-12298 · Red Hat · Undertow

Zeddyu · Published 2020-05-26 · Updated 2022-02-21 · CVE-2020-10719

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 2.1.1.Final

Description: A flaw was found in the processing of invalid HTTP requests with large chunk sizes, allowing an attacker to take advantage of HTTP request smuggling.

Recommendations: For versions prior to 2.1.1.Final, update to version 2.1.1.Final or later to resolve the issue.

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

CVE-2020-10719
GHSA-CCCF-7XW3-P2VR
MGASA-2021-0052
OESA-2021-1422
RHSA-2020:2058
RHSA-2020:2059
RHSA-2020:2060
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513

Affected Products

Undertow