Vulnerabilities > Redhat > Undertow > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-12 CVE-2024-1459 Path Traversal: '../filedir' vulnerability in Redhat Undertow
A path traversal vulnerability was found in Undertow.
network
low complexity
redhat CWE-24
5.3
2022-09-01 CVE-2022-2764 A flaw was found in Undertow.
network
low complexity
redhat netapp
4.9
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in undertow.
network
high complexity
redhat netapp CWE-362
5.9
2022-05-24 CVE-2021-3629 Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-400
5.9
2021-03-23 CVE-2019-19343 Improper Resource Shutdown or Release vulnerability in multiple products
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4.
network
low complexity
redhat netapp CWE-404
5.0
2021-02-23 CVE-2021-20220 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow.
5.8
2020-09-23 CVE-2020-10687 HTTP Request Smuggling vulnerability in Redhat Undertow 1.0.0
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request.
network
high complexity
redhat CWE-444
4.8
2020-06-10 CVE-2020-10705 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error.
network
low complexity
redhat netapp CWE-770
5.0
2020-05-26 CVE-2020-10719 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes.
network
low complexity
redhat netapp CWE-444
6.5
2020-04-21 CVE-2020-1757 Improper Input Validation vulnerability in Redhat products
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
network
low complexity
redhat CWE-20
5.5