HTTP Request Smuggling in Undertow

GHSA-cccf-7xw3-p2vr · CVE-2020-10719

Published Apr 30, 2021 · Modified Feb 17, 2024

Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-10719
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
WEB https://security.netapp.com/advisory/ntap-20220210-0014

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes