CVE-2020-10719

Опубликовано: 06 мая 2020

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
A-MQ Clients 2	undertow	Not affected
Red Hat Data Grid 8	undertow	Not affected
Red Hat Decision Manager 7	undertow	Not affected
Red Hat JBoss Data Grid 7	undertow	Out of support scope
Red Hat OpenShift Application Runtimes	undertow	Affected
Red Hat Process Automation 7	undertow	Not affected
EAP-CD 20 Tech Preview	undertow	Fixed	RHSA-2020:3585	31.08.2020
Red Hat Fuse 7.9	undertow	Fixed	RHSA-2021:3140	11.08.2021
Red Hat JBoss EAP 7	undertow	Fixed	RHSA-2020:2515	10.06.2020
Red Hat JBoss EAP 7.2	undertow	Fixed	RHSA-2020:2061	11.05.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-444

https://bugzilla.redhat.com/show_bug.cgi?id=1828459undertow: invalid HTTP request with large chunk size

EPSS

Процентиль: 38%

0.00167

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-10719

CVSS3: 6.5

ubuntu

больше 5 лет назад

CVE-2020-10719

CVSS3: 6.5

nvd

больше 5 лет назад

CVE-2020-10719

CVSS3: 6.5

debian

больше 5 лет назад

A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...

GHSA-cccf-7xw3-p2vr

CVSS3: 6.5

github

почти 5 лет назад

HTTP Request Smuggling in Undertow

EPSS

Процентиль: 38%

0.00167

Низкий

6.5 Medium

CVSS3