Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-10687

Опубликовано: 23 сент. 2020
Источник: nvd
CVSS3: 4.8
CVSS2: 5.8
EPSS Низкий

Описание

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия до 2.2.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%
0.00123
Низкий

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-444
CWE-444

Связанные уязвимости

ubuntu логотип

CVE-2020-10687

CVSS3: 4.8
ubuntu
больше 5 лет назад

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

redhat логотип

CVE-2020-10687

CVSS3: 4.8
redhat
почти 6 лет назад

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

debian логотип

CVE-2020-10687

CVSS3: 4.8
debian
больше 5 лет назад

A flaw was discovered in all versions of Undertow before Undertow 2.2. ...

github логотип

GHSA-p9w3-gwc2-cr49

CVSS3: 4.8
github
почти 5 лет назад

HTTP Request Smuggling in Undertow

EPSS

Процентиль: 32%
0.00123
Низкий

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-444
CWE-444