Vulnerabilities > Redhat > Undertow > 2.0.31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-23 | CVE-2020-10687 | HTTP Request Smuggling vulnerability in Redhat Undertow 1.0.0 A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. | 4.8 |
2020-06-10 | CVE-2020-10705 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. | 5.0 |
2020-05-26 | CVE-2020-10719 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. | 6.5 |