Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10705

Опубликовано: 11 мая 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

A flaw was discovered in Undertow where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

Меры по смягчению последствий

There is currently no known mitigation for this security flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Decision Manager 7undertowNot affected
Red Hat JBoss Enterprise Application Platform 6jbosswebNot affected
Red Hat OpenShift Application RuntimesundertowAffected
Red Hat Process Automation 7undertowNot affected
EAP-CD 20 Tech PreviewundertowFixedRHSA-2020:358531.08.2020
Red Hat JBoss EAP 7FixedRHSA-2020:251510.06.2020
Red Hat JBoss EAP 7.2undertow-coreFixedRHSA-2020:206111.05.2020
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6eap7-activemq-artemisFixedRHSA-2020:205811.05.2020
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6eap7-apache-cxfFixedRHSA-2020:205811.05.2020
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6eap7-bouncycastleFixedRHSA-2020:205811.05.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1803241undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header

EPSS

Процентиль: 59%
0.00384
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-10705

CVSS3: 7.5
ubuntu
больше 5 лет назад

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

nvd логотип

CVE-2020-10705

CVSS3: 7.5
nvd
больше 5 лет назад

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

debian логотип

CVE-2020-10705

CVSS3: 7.5
debian
больше 5 лет назад

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...

github логотип

GHSA-g4cp-h53p-v3v8

CVSS3: 7.5
github
почти 5 лет назад

Allocation of Resources Without Limits or Throttling in Undertow

EPSS

Процентиль: 59%
0.00384
Низкий

7.5 High

CVSS3

Уязвимость CVE-2020-10705