Vulnerabilities > Redhat > Undertow > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-23 | CVE-2020-27782 | Unspecified vulnerability in Redhat products A flaw was found in the Undertow AJP connector. | 7.5 |
2020-06-10 | CVE-2020-10705 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. | 7.5 |
2020-04-21 | CVE-2020-1757 | Improper Input Validation vulnerability in Redhat products A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. | 8.1 |
2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. | 7.5 |
2019-07-25 | CVE-2019-10184 | Missing Authorization vulnerability in multiple products undertow before version 2.0.23.Final is vulnerable to an information leak issue. | 7.5 |
2018-07-27 | CVE-2017-2670 | Infinite Loop vulnerability in multiple products It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | 7.5 |
2018-07-27 | CVE-2017-12165 | HTTP Request Smuggling vulnerability in Redhat Undertow It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | 7.5 |