Description
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure.
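The standards-compliant handling of this case, as an added example (not Undertow's code and not the vendor's fix): RFC 9112 section 2.2 requires a recipient that sees whitespace between the start-line and the first header field to either reject the message or consume each whitespace-preceded line without processing it. The function name `parse_head`, the `policy` parameter and the sample requests are hypothetical and constructed for illustration.

```python
import re

class BadRequest(ValueError):
    """The request head is invalid and should be answered with 400."""

# Header field names are RFC 9110 tokens: no spaces, tabs or separators.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_head(raw: bytes, policy: str = "reject") -> list:
    """Return the header fields of a raw HTTP/1.1 request as (name, value) pairs.

    policy="reject":  fail on a whitespace-preceded line after the request line.
    policy="consume": drop each such line without interpreting it.
    Neither policy strips the whitespace and keeps the line as a header.
    """
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete header section")
    lines = head.split(b"\r\n")[1:]            # skip the request line
    while lines and lines[0][:1] in (b" ", b"\t"):
        if policy == "reject":
            raise BadRequest("whitespace before first header field")
        lines.pop(0)                           # consumed, never parsed
    headers = []
    for line in lines:
        name, colon, value = line.partition(b":")
        # A later line that starts with whitespace fails the token check too.
        if not colon or not TOKEN.match(name):
            raise BadRequest("malformed header line")
        headers.append((name.decode("ascii").lower(),
                        value.strip(b" \t").decode("latin-1")))
    return headers

# Constructed sample requests (not captured traffic).
GOOD = b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Example: 1\r\n\r\n"
LEADING_WS = b"GET / HTTP/1.1\r\n X-Example: 1\r\nHost: app.example\r\n\r\n"

def is_rejected(raw: bytes) -> bool:
    """True when the strict policy refuses the request."""
    try:
        parse_head(raw, "reject")
        return False
    except BadRequest:
        return True
```

Under either policy the whitespace-preceded line never becomes a header, so every hop that applies the rule derives the same header set from the same bytes.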
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 4 | undertow-core | Affected | | |
| Red Hat build of Apache Camel - HawtIO 4 | undertow-core | Affected | | |
| Red Hat Data Grid 8 | undertow-core | Affected | | |
| Red Hat Enterprise Linux 10 | moditect | Not affected | | |
| Red Hat Enterprise Linux 8 | pki-core:10.6/resteasy | Not affected | | |
| Red Hat Enterprise Linux 8 | pki-deps:10.6/resteasy | Not affected | | |
| Red Hat Enterprise Linux 9 | resteasy | Affected | | |
| Red Hat Fuse 7 | undertow-core | Affected | | |
| Red Hat JBoss Enterprise Application Platform 7 | undertow-core | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 8 | org.jberet-jberet-parent | Affected | | |
Additional information
Status:
EPSS
CVSS3: 8.7 High