CVE-2020-10705

CWE-770 — Allocation without Limits CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

7.5HIGH

EPSS

0.3%

top 46.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Undertow Redhat Jboss Enterprise Application Platform

Timeline

PublishedJun 10

Latest updateApr 30

Description

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDredhat/undertow< 2.1.1

▶Mavenio.undertow:undertow-core< 2.1.1.Final

▶Debianundertow< 2.1.1-1

▶CVEListV5undertowVersions before Undertow 2.1.1.Final.

▶NVDredhat/jboss_enterprise_application_platform7.2

🔴Vulnerability Details

GHSA

Allocation of Resources Without Limits or Throttling in Undertow↗2021-04-30

▶

OSV

Allocation of Resources Without Limits or Throttling in Undertow↗2021-04-30

▶

OSV

CVE-2020-10705: A flaw was discovered in Undertow in versions before Undertow 2↗2020-06-10

▶

CVEList

CVE-2020-10705: A flaw was discovered in Undertow in versions before Undertow 2↗2020-06-10

▶

📋Vendor Advisories

Red Hat

undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header↗2020-05-11

▶

Debian

CVE-2020-10705: undertow - A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where ...↗2020

▶

💬Community

Bugzilla

CVE-2020-10705 undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header↗2020-02-14

▶