Vulnerabilities > Redhat > Undertow > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
5.0
2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
4.3
2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network
low complexity
redhat netapp CWE-862
5.0
2019-06-12 CVE-2019-3888 Information Exposure Through Log Files vulnerability in multiple products
A vulnerability was found in Undertow web server before 2.0.21.
network
low complexity
redhat netapp CWE-532
5.0
2018-09-18 CVE-2018-14642 Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform and Undertow
An information leak vulnerability was found in Undertow.
network
low complexity
redhat CWE-200
5.0
2018-09-11 CVE-2018-1114 Resource Exhaustion vulnerability in Redhat Undertow, Virtualization and Virtualization Host
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust.
network
low complexity
redhat CWE-400
4.0
2018-07-27 CVE-2017-2670 Infinite Loop vulnerability in multiple products
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
network
low complexity
redhat debian CWE-835
5.0
2018-07-27 CVE-2017-12165 HTTP Request Smuggling vulnerability in Redhat Jboss Enterprise Application Platform and Undertow
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
network
low complexity
redhat CWE-444
5.0
2018-07-27 CVE-2017-2666 HTTP Request Smuggling vulnerability in multiple products
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters.
network
low complexity
redhat debian CWE-444
6.4
2018-05-21 CVE-2018-1067 HTTP Response Splitting vulnerability in Redhat Undertow
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
network
low complexity
redhat CWE-113
6.1