CVE-2020-10719

MEDIUM6.5EPSS 0.17%

HTTP Request Smuggling in Undertow

發布日:2021/4/30修改日:2026/4/28

描述

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

受影響套件(2)

Debian/undertowfrom 0, < 2.1.1-1
Maven/io.undertow:undertow-corefrom 0, < 2.1.1.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-10719
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-10719
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
WEBhttps://security.netapp.com/advisory/ntap-20220210-0014