CVE-2020-10719
published 2020-05-26CVE-2020-10719: A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | undertow | < undertow 2.1.1-1 (forky) | undertow 2.1.1-1 (forky) |
| netapp | oncommand_insight | < 7.3.13 | 7.3.13 |
| red_hat | undertow | — | — |
| redhat | fuse | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | undertow | < 2.1.1 | 2.1.1 |
| redhat | undertow | >= 0 < 2.1.1-1 | 2.1.1-1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM