CVE-2020-10719

MEDIUM

Undertow <2.1.1.Final - SSRF

Title source: llm

Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Scores

CVSS v3 6.5
EPSS 0.0017
EPSS Percentile 37.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-444
Status published
Products (12)
io.undertow/undertow-core 0 - 2.1.1.Final (Maven)
netapp/active_iq_unified_manager (3 CPE variants)
netapp/oncommand_insight < 7.3.13
netapp/oncommand_workflow_automation
redhat/fuse 1.0
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform 7.3
redhat/jboss_enterprise_application_platform 7.4
redhat/jboss_enterprise_application_platform 7.2
redhat/openshift_application_runtimes
... and 2 more
Published May 26, 2020
Tracked Since Feb 18, 2026