Vulnerabilities > Redhat > Undertow

DATE CVE VULNERABILITY TITLE RISK
2018-05-21 CVE-2018-1067 HTTP Response Splitting vulnerability in Redhat Undertow
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
network
low complexity
redhat CWE-113
6.1
2018-04-18 CVE-2017-12196 Incorrect Authorization vulnerability in Redhat products
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line.
network
high complexity
redhat CWE-863
5.9
2018-01-10 CVE-2017-7559 HTTP Request Smuggling vulnerability in Redhat Undertow
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters.
network
low complexity
redhat CWE-444
6.1