CVE-2020-10719

MEDIUM

Undertow < 2.1.1 - HTTP Request Smuggling via Invalid Chunk Size Handling


Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

References (2)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220210-0014/

Scores

CVSS v3 6.5
EPSS 0.0100
EPSS Percentile 58.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-444
Status published
Products (12)
io.undertow/undertow-core 0 - 2.1.1.Final (Maven)
netapp/active_iq_unified_manager (3 CPE variants)
netapp/oncommand_insight < 7.3.13
netapp/oncommand_workflow_automation
redhat/fuse 1.0
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform 7.3
redhat/jboss_enterprise_application_platform 7.4
redhat/jboss_enterprise_application_platform 7.2
redhat/openshift_application_runtimes
... and 2 more
Published May 26, 2020
Tracked Since Feb 18, 2026