Vulnerabilities > Redhat > Undertow > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-12 CVE-2024-1459 Unspecified vulnerability in Redhat Undertow
A path traversal vulnerability was found in Undertow.
network
low complexity
redhat
5.3
2022-09-01 CVE-2022-2764 A flaw was found in Undertow.
network
low complexity
redhat netapp
4.9
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in undertow.
network
high complexity
redhat netapp CWE-362
5.9
2022-05-24 CVE-2021-3629 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-400
5.9
2021-02-23 CVE-2021-20220 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-444
4.8
2020-09-23 CVE-2020-10687 Unspecified vulnerability in Redhat Undertow 1.0.0
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request.
network
high complexity
redhat
4.8
2020-05-26 CVE-2020-10719 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes.
network
low complexity
redhat netapp CWE-444
6.5
2018-09-18 CVE-2018-14642 Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform and Undertow
An information leak vulnerability was found in Undertow.
network
low complexity
redhat CWE-200
5.3
2018-09-11 CVE-2018-1114 Resource Exhaustion vulnerability in Redhat Undertow, Virtualization and Virtualization Host
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust.
network
low complexity
redhat CWE-400
6.5
2018-07-27 CVE-2017-2666 HTTP Request Smuggling vulnerability in multiple products
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters.
network
low complexity
redhat debian CWE-444
6.5