CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Published: May 26, 2020
Updated: Nov 8, 2023
CVE: CVE-2020-10719
GHSA: GHSA-cccf-7xw3-p2vr
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-444

Affected Software
References

Software	From	Fixed in
redhat / undertow	-	2.1.1
netapp / oncommand_insight	-	7.3.13
redhat / fuse	1.0	1.0.x
redhat / jboss_enterprise_application_platform	7.3	7.3.x
redhat / jboss_enterprise_application_platform	7.4	7.4.x
redhat / jboss_enterprise_application_platform	7.2	7.2.x
io.undertow / undertow-core	-	2.1.1.Final

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
https://security.netapp.com/advisory/ntap-20220210-0014/

Vulnerability Database

289,599

CVE-2020-10719