Package Instance

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json

reference_url

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10212

reference_id

reference_type

scores

value	0.00448
scoring_system	epss
scoring_elements	0.63867
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10212

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

reference_url

https://security.netapp.com/advisory/ntap-20220210-0017

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0017

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1731984
reference_id	1731984
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1731984

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10212

reference_id

CVE-2019-10212

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10212

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.20.Final

purl pkg:maven/io.undertow/undertow-core@2.0.20.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final

url	pkg:maven/io.undertow/undertow-core@2.0.20
purl	pkg:maven/io.undertow/undertow-core@2.0.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20

aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gjh-hhzw-jyda

url VCID-4qfb-8hen-qkc7

vulnerability_id VCID-4qfb-8hen-qkc7

summary

Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

references

reference_url

https://access.redhat.com/errata/RHSA-2020:0729

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0729

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14888

reference_id

reference_type

scores

value	0.00242
scoring_system	epss
scoring_elements	0.47618
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14888

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888

reference_url

https://security.netapp.com/advisory/ntap-20220211-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220211-0001

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1772464
reference_id	1772464
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1772464

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14888

reference_id

CVE-2019-14888

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14888

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2367
reference_id	RHSA-2020:2367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2367

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.29.Final

purl pkg:maven/io.undertow/undertow-core@2.0.29.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final

aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfb-8hen-qkc7

url VCID-4zav-auak-8qbu

vulnerability_id VCID-4zav-auak-8qbu

summary

Uncontrolled Resource Consumption
It was found that `URLResource.getLastModified()` in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2669

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2669

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1114

reference_id

reference_type

scores

value	0.00707
scoring_system	epss
scoring_elements	0.7254
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1114

reference_url

https://bugs.openjdk.java.net/browse/JDK-6956385

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.openjdk.java.net/browse/JDK-6956385

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114

reference_url	https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e

reference_url	https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64

reference_url

https://issues.jboss.org/browse/UNDERTOW-1338

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/UNDERTOW-1338

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1573045
reference_id	1573045
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1573045

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
reference_id	897247
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1114

reference_id

CVE-2018-1114

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1114

fixed_packages

url pkg:maven/io.undertow/undertow-core@1.4.25.Final

purl pkg:maven/io.undertow/undertow-core@1.4.25.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wncj-73h2-y3cw

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final

url pkg:maven/io.undertow/undertow-core@2.0.5.Final

purl pkg:maven/io.undertow/undertow-core@2.0.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final

url	pkg:maven/io.undertow/undertow-core@2.0.5
purl	pkg:maven/io.undertow/undertow-core@2.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5

aliases CVE-2018-1114, GHSA-gjjx-gqm4-wcgm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zav-auak-8qbu

url VCID-63qx-1wuv-qufb

vulnerability_id VCID-63qx-1wuv-qufb

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10719

reference_id

reference_type

scores

value	0.00167
scoring_system	epss
scoring_elements	0.37499
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10719

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

reference_url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1828459
reference_id	1828459
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1828459

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
reference_id	969913
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10719

reference_id

CVE-2020-10719

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10719

reference_url	https://access.redhat.com/errata/RHSA-2020:2058
reference_id	RHSA-2020:2058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2058

reference_url	https://access.redhat.com/errata/RHSA-2020:2059
reference_id	RHSA-2020:2059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2059

reference_url	https://access.redhat.com/errata/RHSA-2020:2060
reference_id	RHSA-2020:2060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2060

reference_url	https://access.redhat.com/errata/RHSA-2020:2061
reference_id	RHSA-2020:2061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2061

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3585
reference_id	RHSA-2020:3585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3585

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.1.1.Final

purl pkg:maven/io.undertow/undertow-core@2.1.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final

aliases CVE-2020-10719, GHSA-cccf-7xw3-p2vr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63qx-1wuv-qufb

url VCID-641y-uckh-gfen

vulnerability_id VCID-641y-uckh-gfen

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20220

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39604
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20220

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1923133

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1923133

reference_url

https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f

reference_url

https://security.netapp.com/advisory/ntap-20220210-0013

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0013

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20220

reference_id

CVE-2021-20220

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20220

reference_url	https://access.redhat.com/errata/RHSA-2021:0872
reference_id	RHSA-2021:0872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0872

reference_url	https://access.redhat.com/errata/RHSA-2021:0873
reference_id	RHSA-2021:0873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0873

reference_url	https://access.redhat.com/errata/RHSA-2021:0874
reference_id	RHSA-2021:0874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0874

reference_url	https://access.redhat.com/errata/RHSA-2021:0885
reference_id	RHSA-2021:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0885

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

reference_url	https://access.redhat.com/errata/RHSA-2021:2210
reference_id	RHSA-2021:2210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2210

reference_url	https://access.redhat.com/errata/RHSA-2021:2755
reference_id	RHSA-2021:2755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2755

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.34.Final

purl pkg:maven/io.undertow/undertow-core@2.0.34.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final

url	pkg:maven/io.undertow/undertow-core@2.0.34
purl	pkg:maven/io.undertow/undertow-core@2.0.34
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34

url pkg:maven/io.undertow/undertow-core@2.1.6.Final

purl pkg:maven/io.undertow/undertow-core@2.1.6.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qbnn-jmjd-qqbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final

url	pkg:maven/io.undertow/undertow-core@2.1.6
purl	pkg:maven/io.undertow/undertow-core@2.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6

aliases CVE-2021-20220, GHSA-qjwc-v72v-fq6r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-641y-uckh-gfen

url VCID-9v45-vygq-eugz

vulnerability_id VCID-9v45-vygq-eugz

summary

Loop with Unreachable Exit Condition (Infinite Loop)
With non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-1409.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2670

reference_id

reference_type

scores

value	0.05972
scoring_system	epss
scoring_elements	0.90827
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670

reference_url

https://github.com/advisories/GHSA-3x7h-5hfr-hvjm

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3x7h-5hfr-hvjm

reference_url	https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d

reference_url	http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/98965

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1438885
reference_id	1438885
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1438885

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id	864405
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2670

reference_id

CVE-2017-2670

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2670

reference_url	https://access.redhat.com/errata/RHSA-2017:1409
reference_id	RHSA-2017:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1409

fixed_packages

url	pkg:maven/io.undertow/undertow-core@1.3.28
purl	pkg:maven/io.undertow/undertow-core@1.3.28
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28

url pkg:maven/io.undertow/undertow-core@1.3.28.Final

purl pkg:maven/io.undertow/undertow-core@1.3.28.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-pkzf-4u9a-c3hq

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-vwcx-hrtg-pygs

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wncj-73h2-y3cw

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-yaw7-jmu3-qyeb

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final

aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v45-vygq-eugz

url VCID-kkn4-9xex-fyb7

vulnerability_id VCID-kkn4-9xex-fyb7

summary

Information Exposure
An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:0362

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0362

reference_url

https://access.redhat.com/errata/RHSA-2019:0364

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0364

reference_url

https://access.redhat.com/errata/RHSA-2019:0365

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0365

reference_url

https://access.redhat.com/errata/RHSA-2019:0380

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0380

reference_url

https://access.redhat.com/errata/RHSA-2019:1106

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1106

reference_url

https://access.redhat.com/errata/RHSA-2019:1107

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1107

reference_url

https://access.redhat.com/errata/RHSA-2019:1108

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1108

reference_url

https://access.redhat.com/errata/RHSA-2019:1140

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1140

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14642

reference_id

reference_type

scores

value	0.00708
scoring_system	epss
scoring_elements	0.72565
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14642

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1628702
reference_id	1628702
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1628702

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id	911796
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14642

reference_id

CVE-2018-14642

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14642

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.15.Final

purl pkg:maven/io.undertow/undertow-core@2.0.15.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final

url	pkg:maven/io.undertow/undertow-core@2.0.15
purl	pkg:maven/io.undertow/undertow-core@2.0.15
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15

url	pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
purl	pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL

aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkn4-9xex-fyb7

url VCID-me9g-1s7c-m7cw

vulnerability_id VCID-me9g-1s7c-m7cw

summary

Improper Neutralization of CRLF Sequences in HTTP Headers
CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1838.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1838.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1839.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1839.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1840.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1840.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1841.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1841.html

reference_url

https://access.redhat.com/errata/RHSA-2017:3454

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3454

reference_url

https://access.redhat.com/errata/RHSA-2017:3455

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3455

reference_url

https://access.redhat.com/errata/RHSA-2017:3456

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3456

reference_url

https://access.redhat.com/errata/RHSA-2017:3458

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3458

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4993

reference_id

reference_type

scores

value	0.01476
scoring_system	epss
scoring_elements	0.81297
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4993

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1344321

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1344321

reference_url

https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12

reference_url

https://issues.redhat.com/browse/UNDERTOW-827

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-827

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4993

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4993

reference_url	https://access.redhat.com/security/cve/CVE-2016-4993
reference_id	CVE-2016-4993
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2016-4993

reference_url	https://access.redhat.com/errata/RHSA-2016:1838
reference_id	RHSA-2016:1838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1838

reference_url	https://access.redhat.com/errata/RHSA-2016:1839
reference_id	RHSA-2016:1839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1839

reference_url	https://access.redhat.com/errata/RHSA-2016:1840
reference_id	RHSA-2016:1840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1840

reference_url	https://access.redhat.com/errata/RHSA-2016:1841
reference_id	RHSA-2016:1841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1841

fixed_packages

url pkg:maven/io.undertow/undertow-core@1.3.5.Final

purl pkg:maven/io.undertow/undertow-core@1.3.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-9gv3-ujz4-4fau

vulnerability	VCID-9v45-vygq-eugz

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-pkzf-4u9a-c3hq

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-vwcx-hrtg-pygs

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wncj-73h2-y3cw

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-yaw7-jmu3-qyeb

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.5.Final

url pkg:maven/io.undertow/undertow-core@1.4.0

purl pkg:maven/io.undertow/undertow-core@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-pkzf-4u9a-c3hq

vulnerability	VCID-vwcx-hrtg-pygs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0

url	pkg:maven/io.undertow/undertow-core@2.0.1
purl	pkg:maven/io.undertow/undertow-core@2.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1

url pkg:maven/io.undertow/undertow-core@2.0.1.Final

purl pkg:maven/io.undertow/undertow-core@2.0.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final

aliases CVE-2016-4993, GHSA-qcqr-hcjq-whfq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me9g-1s7c-m7cw

url VCID-qbnn-jmjd-qqbx

vulnerability_id VCID-qbnn-jmjd-qqbx

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A flaw was discovered in all versions of Undertow before Undertow Final, where HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10687

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.30933
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10687

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1785049

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1785049

reference_url

https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20220210-0015

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0015

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10687

reference_id

CVE-2020-10687

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10687

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3461
reference_id	RHSA-2020:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3461

reference_url	https://access.redhat.com/errata/RHSA-2020:3462
reference_id	RHSA-2020:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3462

reference_url	https://access.redhat.com/errata/RHSA-2020:3463
reference_id	RHSA-2020:3463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3463

reference_url	https://access.redhat.com/errata/RHSA-2020:3464
reference_id	RHSA-2020:3464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3464

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2021:0872
reference_id	RHSA-2021:0872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0872

reference_url	https://access.redhat.com/errata/RHSA-2021:0873
reference_id	RHSA-2021:0873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0873

reference_url	https://access.redhat.com/errata/RHSA-2021:0874
reference_id	RHSA-2021:0874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0874

reference_url	https://access.redhat.com/errata/RHSA-2021:0885
reference_id	RHSA-2021:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0885

fixed_packages

url	pkg:maven/io.undertow/undertow-core@2.2.0.Final
purl	pkg:maven/io.undertow/undertow-core@2.2.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final

aliases CVE-2020-10687, GHSA-p9w3-gwc2-cr49

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbnn-jmjd-qqbx

url VCID-rxsj-32jz-wugq

vulnerability_id VCID-rxsj-32jz-wugq

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
A flaw was discovered in Undertow where certain requests to the `Expect: ` header may cause an out of memory error. This flaw may potentially lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10705

reference_id

reference_type

scores

value	0.00299
scoring_system	epss
scoring_elements	0.53544
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10705

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1803241

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1803241

reference_url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10705

reference_id

CVE-2020-10705

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10705

reference_url	https://access.redhat.com/errata/RHSA-2020:2058
reference_id	RHSA-2020:2058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2058

reference_url	https://access.redhat.com/errata/RHSA-2020:2059
reference_id	RHSA-2020:2059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2059

reference_url	https://access.redhat.com/errata/RHSA-2020:2060
reference_id	RHSA-2020:2060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2060

reference_url	https://access.redhat.com/errata/RHSA-2020:2061
reference_id	RHSA-2020:2061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2061

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3585
reference_id	RHSA-2020:3585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3585

reference_url	https://access.redhat.com/errata/RHSA-2025:16668
reference_id	RHSA-2025:16668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16668

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.1.1.Final

purl pkg:maven/io.undertow/undertow-core@2.1.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final

aliases CVE-2020-10705, GHSA-g4cp-h53p-v3v8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsj-32jz-wugq

url VCID-uenh-qgna-t7c4

vulnerability_id VCID-uenh-qgna-t7c4

summary

False Positive
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1745

reference_id

reference_type

scores

value	0.00636
scoring_system	epss
scoring_elements	0.70802
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1745

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745

reference_url

https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert

reference_url

https://www.cnvd.org.cn/webinfo/show/5415

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cnvd.org.cn/webinfo/show/5415

reference_url

https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1807305
reference_id	1807305
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1807305

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1745

reference_id

CVE-2020-1745

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1745

reference_url	https://access.redhat.com/errata/RHSA-2020:0812
reference_id	RHSA-2020:0812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0812

reference_url	https://access.redhat.com/errata/RHSA-2020:0813
reference_id	RHSA-2020:0813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0813

reference_url	https://access.redhat.com/errata/RHSA-2020:0952
reference_id	RHSA-2020:0952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0952

reference_url	https://access.redhat.com/errata/RHSA-2020:0961
reference_id	RHSA-2020:0961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0961

reference_url	https://access.redhat.com/errata/RHSA-2020:0962
reference_id	RHSA-2020:0962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0962

reference_url	https://access.redhat.com/errata/RHSA-2020:2058
reference_id	RHSA-2020:2058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2058

reference_url	https://access.redhat.com/errata/RHSA-2020:2059
reference_id	RHSA-2020:2059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2059

reference_url	https://access.redhat.com/errata/RHSA-2020:2060
reference_id	RHSA-2020:2060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2060

reference_url	https://access.redhat.com/errata/RHSA-2020:2061
reference_id	RHSA-2020:2061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2061

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2367
reference_id	RHSA-2020:2367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2367

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.30.Final

purl pkg:maven/io.undertow/undertow-core@2.0.30.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final

url	pkg:maven/io.undertow/undertow-core@2.0.30
purl	pkg:maven/io.undertow/undertow-core@2.0.30
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30

aliases CVE-2020-1745, GHSA-gv2w-88hx-8m9r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uenh-qgna-t7c4

url VCID-vwcx-hrtg-pygs

vulnerability_id VCID-vwcx-hrtg-pygs

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12165

reference_id

reference_type

scores

value	0.01096
scoring_system	epss
scoring_elements	0.78343
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12165

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f

reference_url

https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f

reference_url

https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc

reference_url

https://issues.redhat.com/browse/UNDERTOW-1251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-1251

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1490301
reference_id	1490301
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1490301

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
reference_id	885338
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12165

reference_id

CVE-2017-12165

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12165

fixed_packages

url pkg:maven/io.undertow/undertow-core@1.3.31.Final

purl pkg:maven/io.undertow/undertow-core@1.3.31.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wncj-73h2-y3cw

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-yaw7-jmu3-qyeb

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final

url	pkg:maven/io.undertow/undertow-core@1.3.31
purl	pkg:maven/io.undertow/undertow-core@1.3.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31

url pkg:maven/io.undertow/undertow-core@1.4.17.Final

purl pkg:maven/io.undertow/undertow-core@1.4.17.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wncj-73h2-y3cw

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-yaw7-jmu3-qyeb

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final

url	pkg:maven/io.undertow/undertow-core@1.4.17
purl	pkg:maven/io.undertow/undertow-core@1.4.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17

url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-me9g-1s7c-m7cw

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

url pkg:maven/io.undertow/undertow-core@2.0.1.Final

purl pkg:maven/io.undertow/undertow-core@2.0.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final

aliases CVE-2017-12165, GHSA-5gg7-5wv8-4gcj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwcx-hrtg-pygs

url VCID-w6r9-g7sc-y3ed

vulnerability_id VCID-w6r9-g7sc-y3ed

summary

Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3888

reference_id

reference_type

scores

value	0.00555
scoring_system	epss
scoring_elements	0.68469
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3888

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888

reference_url

https://security.netapp.com/advisory/ntap-20220210-0019

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0019

reference_url

http://www.securityfocus.com/bid/108739

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108739

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693777
reference_id	1693777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id	930349
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3888

reference_id

CVE-2019-3888

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3888

reference_url	https://access.redhat.com/errata/RHSA-2019:1419
reference_id	RHSA-2019:1419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1419

reference_url	https://access.redhat.com/errata/RHSA-2019:1420
reference_id	RHSA-2019:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1420

reference_url	https://access.redhat.com/errata/RHSA-2019:1421
reference_id	RHSA-2019:1421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1421

reference_url	https://access.redhat.com/errata/RHSA-2019:1424
reference_id	RHSA-2019:1424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1424

reference_url

https://access.redhat.com/errata/RHSA-2019:2439

reference_id

RHSA-2019:2439

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2439

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.21.Final

purl pkg:maven/io.undertow/undertow-core@2.0.21.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final

url	pkg:maven/io.undertow/undertow-core@2.0.21
purl	pkg:maven/io.undertow/undertow-core@2.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21

aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6r9-g7sc-y3ed

url VCID-wncj-73h2-y3cw

vulnerability_id VCID-wncj-73h2-y3cw

summary

Path Traversal
The AJP connector in undertow does not use the `ALLOW_ENCODED_SLASH` option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1048

reference_id

reference_type

scores

value	0.0051
scoring_system	epss
scoring_elements	0.66773
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1048

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1534343

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1534343

reference_url	https://cwe.mitre.org/data/definitions/22.html
reference_id
reference_type
scores
url	https://cwe.mitre.org/data/definitions/22.html

reference_url	https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
reference_id	891928
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1048

reference_id

CVE-2018-1048

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1048

reference_url	https://github.com/advisories/GHSA-prfw-3qx6-g9xr
reference_id	GHSA-prfw-3qx6-g9xr
reference_type
scores
url	https://github.com/advisories/GHSA-prfw-3qx6-g9xr

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-me9g-1s7c-m7cw

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

aliases CVE-2018-1048, GHSA-prfw-3qx6-g9xr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wncj-73h2-y3cw

url VCID-xdmu-mgga-xuf2

vulnerability_id VCID-xdmu-mgga-xuf2

summary

HTTP Response Splitting
Undertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1247

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1247

reference_url

https://access.redhat.com/errata/RHSA-2018:1248

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1248

reference_url

https://access.redhat.com/errata/RHSA-2018:1249

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1249

reference_url

https://access.redhat.com/errata/RHSA-2018:1251

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1251

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1067

reference_id

reference_type

scores

value	0.00626
scoring_system	epss
scoring_elements	0.70581
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1067

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067

reference_url	https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8

reference_url	https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1550671
reference_id	1550671
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1550671

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
reference_id	900323
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1067

reference_id

CVE-2018-1067

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1067

reference_url	https://github.com/advisories/GHSA-47mp-rq2x-wjf2
reference_id	GHSA-47mp-rq2x-wjf2
reference_type
scores
url	https://github.com/advisories/GHSA-47mp-rq2x-wjf2

reference_url	https://access.redhat.com/errata/RHSA-2020:2562
reference_id	RHSA-2020:2562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2562

fixed_packages

url pkg:maven/io.undertow/undertow-core@1.4.25.Final

purl pkg:maven/io.undertow/undertow-core@1.4.25.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-387y-knja-ukh8

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wncj-73h2-y3cw

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final

url pkg:maven/io.undertow/undertow-core@2.0.5.Final

purl pkg:maven/io.undertow/undertow-core@2.0.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final

aliases CVE-2018-1067, GHSA-47mp-rq2x-wjf2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdmu-mgga-xuf2

url VCID-yaw7-jmu3-qyeb

vulnerability_id VCID-yaw7-jmu3-qyeb

summary

Incorrect Authorization
When using `Digest` authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1525

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1525

reference_url

https://access.redhat.com/errata/RHSA-2018:2405

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2405

reference_url

https://access.redhat.com/errata/RHSA-2018:3768

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3768

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12196

reference_id

reference_type

scores

value	0.00531
scoring_system	epss
scoring_elements	0.67612
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12196

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url