Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-28367

Опубликовано: 27 авг. 2025
Источник: redhat
CVSS3: 8.7

Описание

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

Отчет

The Undertow web server is susceptible to request smuggling when deployed with certain proxy servers that forward \r\r\r as a header block terminator. This flaw could enable an attacker to manipulate web requests, potentially leading to unauthorized access. Red Hat products using Undertow in environments with vulnerable proxy configurations, such as those found in older versions of Apache Traffic Server or Google Cloud Classic Application Load Balancer, are at risk.

Меры по смягчению последствий

To mitigate this vulnerability, configure any proxy servers positioned in front of Undertow to strictly validate HTTP header terminations. Ensure that these proxies are configured to reject or normalize non-standard header block terminators, such as \r\r\r, before forwarding requests to Undertow. This operational control helps prevent request smuggling attacks by ensuring that only properly formed HTTP requests reach the Undertow server.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of Apache Camel for Spring Boot 4undertow-coreAffected
Red Hat build of Apache Camel - HawtIO 4undertow-coreAffected
Red Hat Data Grid 8undertow-coreAffected
Red Hat Enterprise Linux 10moditectNot affected
Red Hat Enterprise Linux 8pki-core:10.6/resteasyNot affected
Red Hat Enterprise Linux 8pki-deps:10.6/resteasyNot affected
Red Hat Enterprise Linux 9resteasyNot affected
Red Hat Fuse 7undertow-coreAffected
Red Hat JBoss Enterprise Application Platform 7undertow-coreWill not fix
Red Hat JBoss Enterprise Application Platform 8org.jberet-jberet-parentAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-444
https://bugzilla.redhat.com/show_bug.cgi?id=2443260undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator

8.7 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-28367

CVSS3: 8.7
nvd
4 дня назад

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

debian логотип

CVE-2026-28367

CVSS3: 8.7
debian
4 дня назад

A flaw was found in Undertow. A remote attacker can exploit this vulne ...

github логотип

GHSA-3gv6-g396-9v4r

CVSS3: 8.7
github
4 дня назад

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

8.7 High

CVSS3