exploitDog

CVE-2020-27782

Published: 25 Jan 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

Mitigation

The issue can be mitigated by using HTTP/1.1 instead of AJP to proxy to the back-end.

Affected packages

Platform                                  Package       Status                 Recommendation   Release
Red Hat build of Quarkus                  undertow      Not affected
Red Hat Decision Manager 7                undertow      Not affected
Red Hat Integration Camel K 1             undertow      Affected
Red Hat Integration Service Registry      undertow      Not affected
Red Hat JBoss Data Grid 7                 undertow      Out of support scope
Red Hat JBoss Fuse 6                      undertow      Affected
Red Hat OpenShift Application Runtimes    undertow      Affected
Red Hat OpenStack Platform 13 (Queens)    opendaylight  Will not fix
Red Hat Process Automation 7              undertow      Not affected
Red Hat support for Spring Boot           undertow      Affected

Additional information

Status: Important
Defect: CWE-400
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1901304
undertow: special character in query results in server errors

EPSS: 0.00182 (percentile: 40%, Low)
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 5 years ago

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

CVSS3: 7.5
nvd
almost 5 years ago

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

CVSS3: 7.5
debian
almost 5 years ago

A flaw was found in the Undertow AJP connector. Malicious requests and ...

CVSS3: 7.5
github
almost 4 years ago

Denial of service in Undertow