CVE-2020-10719

CWE-444 — HTTP Request Smuggling8 documents7 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Oncommand Insight Redhat Undertow RED HAT Undertow +2 more

Timeline

PublishedMay 26

Latest updateApr 30

Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages7 packages

▶NVDredhat/undertow< 2.1.1

▶Mavenio.undertow:undertow-core< 2.1.1.Final

▶Debianundertow< 2.1.1-1

▶CVEListV5red_hat/undertowVersions before 2.1.1.Final

▶NVDnetapp/oncommand_insight< 7.3.13

🔴Vulnerability Details

OSV

HTTP Request Smuggling in Undertow↗2021-04-30

▶

GHSA

HTTP Request Smuggling in Undertow↗2021-04-30

▶

CVEList

CVE-2020-10719: A flaw was found in Undertow in versions before 2↗2020-05-26

▶

OSV

CVE-2020-10719: A flaw was found in Undertow in versions before 2↗2020-05-26

▶

📋Vendor Advisories

Red Hat

undertow: invalid HTTP request with large chunk size↗2020-05-06

▶

Debian

CVE-2020-10719: undertow - A flaw was found in Undertow in versions before 2.1.1.Final, regarding the proce...↗2020

▶

💬Community

Bugzilla

CVE-2020-10719 undertow: invalid HTTP request with large chunk size↗2020-04-27

▶