A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220210-0014/ | Third Party Advisory |
Information
Published : 2020-05-26 16:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-10719
Mitre link : CVE-2020-10719
CVE.ORG link : CVE-2020-10719
Products Affected
redhat
- enterprise_linux
- undertow
- jboss_enterprise_application_platform
- openshift_application_runtimes
- fuse
- single_sign-on
netapp
- oncommand_insight
- active_iq_unified_manager
- oncommand_workflow_automation
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')