Vulnerabilities > Redhat > Undertow > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2020-27782 Unspecified vulnerability in Redhat products
A flaw was found in the Undertow AJP connector.
network
low complexity
redhat
7.5
2020-06-10 CVE-2020-10705 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error.
network
low complexity
redhat netapp CWE-770
7.5
2020-04-21 CVE-2020-1757 Improper Input Validation vulnerability in Redhat products
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
network
low complexity
redhat CWE-20
8.1
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
7.5
2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network
low complexity
redhat netapp CWE-862
7.5
2018-07-27 CVE-2017-2670 Infinite Loop vulnerability in multiple products
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
network
low complexity
redhat debian CWE-835
7.5
2018-07-27 CVE-2017-12165 HTTP Request Smuggling vulnerability in Redhat Undertow
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
network
low complexity
redhat CWE-444
7.5