Vulnerabilities > Redhat > Undertow > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-12 | CVE-2024-1459 | Unspecified vulnerability in Redhat Undertow A path traversal vulnerability was found in Undertow. | 5.3 |
2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. | 4.9 |
2022-05-24 | CVE-2021-3597 | Race Condition vulnerability in multiple products A flaw was found in undertow. | 5.9 |
2022-05-24 | CVE-2021-3629 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
2021-02-23 | CVE-2021-20220 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow. | 4.8 |
2020-09-23 | CVE-2020-10687 | Unspecified vulnerability in Redhat Undertow 1.0.0 A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. | 4.8 |
2020-05-26 | CVE-2020-10719 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. | 6.5 |
2018-09-18 | CVE-2018-14642 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform and Undertow An information leak vulnerability was found in Undertow. | 5.3 |
2018-09-11 | CVE-2018-1114 | Resource Exhaustion vulnerability in Redhat Undertow, Virtualization and Virtualization Host It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. | 6.5 |
2018-07-27 | CVE-2017-2666 | HTTP Request Smuggling vulnerability in multiple products It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. | 6.5 |