Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/undertow@2.3.20-1?distro=sid
Typedeb
Namespacedebian
Nameundertow
Version2.3.20-1
Qualifiers
distro sid
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-14ff-vn3t-vyhy
vulnerability_id VCID-14ff-vn3t-vyhy
summary 
Undertow vulnerable to memory exhaustion due to buffer leak
Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3690
2
reference_url https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3690
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51195
published_at 2026-04-08T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.5117
published_at 2026-04-24T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51223
published_at 2026-04-21T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51246
published_at 2026-04-18T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51239
published_at 2026-04-16T12:55:00Z
5
value 0.00278
scoring_system epss
scoring_elements 0.51106
published_at 2026-04-01T12:55:00Z
6
value 0.00278
scoring_system epss
scoring_elements 0.51159
published_at 2026-04-02T12:55:00Z
7
value 0.00278
scoring_system epss
scoring_elements 0.51183
published_at 2026-04-04T12:55:00Z
8
value 0.00278
scoring_system epss
scoring_elements 0.51141
published_at 2026-04-07T12:55:00Z
9
value 0.00278
scoring_system epss
scoring_elements 0.512
published_at 2026-04-13T12:55:00Z
10
value 0.00278
scoring_system epss
scoring_elements 0.51214
published_at 2026-04-12T12:55:00Z
11
value 0.00278
scoring_system epss
scoring_elements 0.51236
published_at 2026-04-11T12:55:00Z
12
value 0.00278
scoring_system epss
scoring_elements 0.51192
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3690
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1991299
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1991299
5
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
6
reference_url https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
7
reference_url https://issues.redhat.com/browse/UNDERTOW-1935
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1935
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3690
9
reference_url https://www.mend.io/vulnerability-database/CVE-2021-3690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mend.io/vulnerability-database/CVE-2021-3690
10
reference_url https://github.com/advisories/GHSA-fj7c-vg2v-ccrm
reference_id GHSA-fj7c-vg2v-ccrm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fj7c-vg2v-ccrm
11
reference_url https://access.redhat.com/errata/RHSA-2021:3216
reference_id RHSA-2021:3216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3216
12
reference_url https://access.redhat.com/errata/RHSA-2021:3217
reference_id RHSA-2021:3217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3217
13
reference_url https://access.redhat.com/errata/RHSA-2021:3218
reference_id RHSA-2021:3218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3218
14
reference_url https://access.redhat.com/errata/RHSA-2021:3219
reference_id RHSA-2021:3219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3219
15
reference_url https://access.redhat.com/errata/RHSA-2021:3425
reference_id RHSA-2021:3425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3425
16
reference_url https://access.redhat.com/errata/RHSA-2021:3466
reference_id RHSA-2021:3466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3466
17
reference_url https://access.redhat.com/errata/RHSA-2021:3467
reference_id RHSA-2021:3467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3467
18
reference_url https://access.redhat.com/errata/RHSA-2021:3468
reference_id RHSA-2021:3468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3468
19
reference_url https://access.redhat.com/errata/RHSA-2021:3471
reference_id RHSA-2021:3471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3471
20
reference_url https://access.redhat.com/errata/RHSA-2021:3516
reference_id RHSA-2021:3516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3516
21
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
22
reference_url https://access.redhat.com/errata/RHSA-2021:3656
reference_id RHSA-2021:3656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3656
23
reference_url https://access.redhat.com/errata/RHSA-2021:3658
reference_id RHSA-2021:3658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3658
24
reference_url https://access.redhat.com/errata/RHSA-2021:3660
reference_id RHSA-2021:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3660
25
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
26
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
27
reference_url https://access.redhat.com/errata/RHSA-2022:1029
reference_id RHSA-2022:1029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1029
fixed_packages
0
url pkg:deb/debian/undertow@2.2.10-1?distro=sid
purl pkg:deb/debian/undertow@2.2.10-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.10-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14ff-vn3t-vyhy
1
url VCID-1vrj-chs2-d3ab
vulnerability_id VCID-1vrj-chs2-d3ab
summary 
Undertow Denial of Service vulnerability
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:1674
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1674
1
reference_url https://access.redhat.com/errata/RHSA-2024:1675
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1675
2
reference_url https://access.redhat.com/errata/RHSA-2024:1676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1676
3
reference_url https://access.redhat.com/errata/RHSA-2024:1677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1677
4
reference_url https://access.redhat.com/errata/RHSA-2024:2763
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:2763
5
reference_url https://access.redhat.com/errata/RHSA-2024:2764
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:2764
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json
7
reference_url https://access.redhat.com/security/cve/CVE-2023-1973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/security/cve/CVE-2023-1973
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1973
reference_id
reference_type
scores
0
value 0.00727
scoring_system epss
scoring_elements 0.72652
published_at 2026-04-16T12:55:00Z
1
value 0.00727
scoring_system epss
scoring_elements 0.72571
published_at 2026-04-02T12:55:00Z
2
value 0.00727
scoring_system epss
scoring_elements 0.72694
published_at 2026-04-24T12:55:00Z
3
value 0.00727
scoring_system epss
scoring_elements 0.72653
published_at 2026-04-21T12:55:00Z
4
value 0.00727
scoring_system epss
scoring_elements 0.72662
published_at 2026-04-18T12:55:00Z
5
value 0.00727
scoring_system epss
scoring_elements 0.72587
published_at 2026-04-04T12:55:00Z
6
value 0.00727
scoring_system epss
scoring_elements 0.72564
published_at 2026-04-07T12:55:00Z
7
value 0.00727
scoring_system epss
scoring_elements 0.72602
published_at 2026-04-08T12:55:00Z
8
value 0.00727
scoring_system epss
scoring_elements 0.72614
published_at 2026-04-09T12:55:00Z
9
value 0.00727
scoring_system epss
scoring_elements 0.72637
published_at 2026-04-11T12:55:00Z
10
value 0.00727
scoring_system epss
scoring_elements 0.7262
published_at 2026-04-12T12:55:00Z
11
value 0.00727
scoring_system epss
scoring_elements 0.72609
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1973
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2185662
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2185662
10
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
11
reference_url https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
12
reference_url https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1973
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
reference_id 1068815
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
22
reference_url https://github.com/advisories/GHSA-97cq-f4jm-mv8h
reference_id GHSA-97cq-f4jm-mv8h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97cq-f4jm-mv8h
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2023-1973, GHSA-97cq-f4jm-mv8h
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrj-chs2-d3ab
2
url VCID-1w4t-um5v-jkfv
vulnerability_id VCID-1w4t-um5v-jkfv
summary 
Path Traversal
The AJP connector in undertow does not use the `ALLOW_ENCODED_SLASH` option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66461
published_at 2026-04-24T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.6643
published_at 2026-04-12T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.664
published_at 2026-04-13T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.66436
published_at 2026-04-16T12:55:00Z
4
value 0.0051
scoring_system epss
scoring_elements 0.66453
published_at 2026-04-18T12:55:00Z
5
value 0.0051
scoring_system epss
scoring_elements 0.66438
published_at 2026-04-21T12:55:00Z
6
value 0.0051
scoring_system epss
scoring_elements 0.66326
published_at 2026-04-01T12:55:00Z
7
value 0.0051
scoring_system epss
scoring_elements 0.66365
published_at 2026-04-02T12:55:00Z
8
value 0.0051
scoring_system epss
scoring_elements 0.66391
published_at 2026-04-04T12:55:00Z
9
value 0.0051
scoring_system epss
scoring_elements 0.66361
published_at 2026-04-07T12:55:00Z
10
value 0.0051
scoring_system epss
scoring_elements 0.66409
published_at 2026-04-08T12:55:00Z
11
value 0.0051
scoring_system epss
scoring_elements 0.66423
published_at 2026-04-09T12:55:00Z
12
value 0.0051
scoring_system epss
scoring_elements 0.66443
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
7
reference_url https://cwe.mitre.org/data/definitions/22.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/22.html
8
reference_url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
reference_id 891928
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
reference_id CVE-2018-1048
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
11
reference_url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
reference_id GHSA-prfw-3qx6-g9xr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
fixed_packages
0
url pkg:deb/debian/undertow@1.4.22-1?distro=sid
purl pkg:deb/debian/undertow@1.4.22-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.22-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2018-1048, GHSA-prfw-3qx6-g9xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1w4t-um5v-jkfv
3
url VCID-2cv5-9v62-kfbm
vulnerability_id VCID-2cv5-9v62-kfbm
summary 
Undertow Path Traversal vulnerability
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:1674
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:1674
1
reference_url https://access.redhat.com/errata/RHSA-2024:1675
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:1675
2
reference_url https://access.redhat.com/errata/RHSA-2024:1676
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:1676
3
reference_url https://access.redhat.com/errata/RHSA-2024:1677
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:1677
4
reference_url https://access.redhat.com/errata/RHSA-2024:2763
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:2763
5
reference_url https://access.redhat.com/errata/RHSA-2024:2764
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:2764
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
7
reference_url https://access.redhat.com/security/cve/CVE-2024-1459
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/security/cve/CVE-2024-1459
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1459
reference_id
reference_type
scores
0
value 0.10104
scoring_system epss
scoring_elements 0.93073
published_at 2026-04-07T12:55:00Z
1
value 0.10104
scoring_system epss
scoring_elements 0.93106
published_at 2026-04-16T12:55:00Z
2
value 0.10104
scoring_system epss
scoring_elements 0.93089
published_at 2026-04-13T12:55:00Z
3
value 0.10104
scoring_system epss
scoring_elements 0.93088
published_at 2026-04-12T12:55:00Z
4
value 0.10104
scoring_system epss
scoring_elements 0.9309
published_at 2026-04-11T12:55:00Z
5
value 0.10104
scoring_system epss
scoring_elements 0.93085
published_at 2026-04-09T12:55:00Z
6
value 0.10104
scoring_system epss
scoring_elements 0.9307
published_at 2026-04-02T12:55:00Z
7
value 0.10104
scoring_system epss
scoring_elements 0.93081
published_at 2026-04-08T12:55:00Z
8
value 0.10104
scoring_system epss
scoring_elements 0.9312
published_at 2026-04-24T12:55:00Z
9
value 0.10104
scoring_system epss
scoring_elements 0.93115
published_at 2026-04-21T12:55:00Z
10
value 0.10104
scoring_system epss
scoring_elements 0.9311
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1459
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259475
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2259475
10
reference_url https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
11
reference_url https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
12
reference_url https://github.com/undertow-io/undertow/pull/1556
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1556
13
reference_url https://issues.redhat.com/browse/UNDERTOW-2339
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2339
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1459
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-1459
15
reference_url https://security.netapp.com/advisory/ntap-20241122-0008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241122-0008
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
reference_id 1068816
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
31
reference_url https://github.com/advisories/GHSA-v76w-3ph8-vm66
reference_id GHSA-v76w-3ph8-vm66
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v76w-3ph8-vm66
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2024-1459, GHSA-v76w-3ph8-vm66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cv5-9v62-kfbm
4
url VCID-2e2u-nvuu-kfbs
vulnerability_id VCID-2e2u-nvuu-kfbs
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:3454
1
reference_url https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:3455
2
reference_url https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:3456
3
reference_url https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:3458
4
reference_url https://access.redhat.com/errata/RHSA-2018:0002
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0002
5
reference_url https://access.redhat.com/errata/RHSA-2018:0003
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0003
6
reference_url https://access.redhat.com/errata/RHSA-2018:0004
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0004
7
reference_url https://access.redhat.com/errata/RHSA-2018:0005
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0005
8
reference_url https://access.redhat.com/errata/RHSA-2018:1322
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1322
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7559
reference_id
reference_type
scores
0
value 0.01128
scoring_system epss
scoring_elements 0.78358
published_at 2026-04-24T12:55:00Z
1
value 0.01128
scoring_system epss
scoring_elements 0.78326
published_at 2026-04-21T12:55:00Z
2
value 0.01128
scoring_system epss
scoring_elements 0.78324
published_at 2026-04-11T12:55:00Z
3
value 0.01128
scoring_system epss
scoring_elements 0.78285
published_at 2026-04-04T12:55:00Z
4
value 0.01128
scoring_system epss
scoring_elements 0.78267
published_at 2026-04-07T12:55:00Z
5
value 0.01128
scoring_system epss
scoring_elements 0.78293
published_at 2026-04-08T12:55:00Z
6
value 0.01128
scoring_system epss
scoring_elements 0.78299
published_at 2026-04-09T12:55:00Z
7
value 0.01128
scoring_system epss
scoring_elements 0.78329
published_at 2026-04-18T12:55:00Z
8
value 0.01128
scoring_system epss
scoring_elements 0.78331
published_at 2026-04-16T12:55:00Z
9
value 0.01128
scoring_system epss
scoring_elements 0.78246
published_at 2026-04-01T12:55:00Z
10
value 0.01128
scoring_system epss
scoring_elements 0.78302
published_at 2026-04-13T12:55:00Z
11
value 0.01128
scoring_system epss
scoring_elements 0.78307
published_at 2026-04-12T12:55:00Z
12
value 0.01128
scoring_system epss
scoring_elements 0.78254
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7559
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559
12
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
13
reference_url https://issues.jboss.org/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1251
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1481665
reference_id 1481665
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1481665
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
reference_id 885576
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.0.0:alpha1:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:2.0.0:alpha1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.0.0:alpha1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7559
reference_id CVE-2017-7559
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7559
19
reference_url https://github.com/advisories/GHSA-rj76-h87p-r3wf
reference_id GHSA-rj76-h87p-r3wf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj76-h87p-r3wf
fixed_packages
0
url pkg:deb/debian/undertow@1.4.23-1?distro=sid
purl pkg:deb/debian/undertow@1.4.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-7559, GHSA-rj76-h87p-r3wf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e2u-nvuu-kfbs
5
url VCID-2ez8-r9wv-53du
vulnerability_id VCID-2ez8-r9wv-53du
summary undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://access.redhat.com/errata/RHSA-2018:1525
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1525
5
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
6
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66518
published_at 2026-04-02T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.66563
published_at 2026-04-08T12:55:00Z
2
value 0.00514
scoring_system epss
scoring_elements 0.66514
published_at 2026-04-07T12:55:00Z
3
value 0.00514
scoring_system epss
scoring_elements 0.66479
published_at 2026-04-01T12:55:00Z
4
value 0.00514
scoring_system epss
scoring_elements 0.66543
published_at 2026-04-04T12:55:00Z
5
value 0.00514
scoring_system epss
scoring_elements 0.66551
published_at 2026-04-13T12:55:00Z
6
value 0.00514
scoring_system epss
scoring_elements 0.66583
published_at 2026-04-12T12:55:00Z
7
value 0.00514
scoring_system epss
scoring_elements 0.66595
published_at 2026-04-11T12:55:00Z
8
value 0.00514
scoring_system epss
scoring_elements 0.66576
published_at 2026-04-09T12:55:00Z
9
value 0.00531
scoring_system epss
scoring_elements 0.67302
published_at 2026-04-16T12:55:00Z
10
value 0.00531
scoring_system epss
scoring_elements 0.67315
published_at 2026-04-18T12:55:00Z
11
value 0.00531
scoring_system epss
scoring_elements 0.67294
published_at 2026-04-21T12:55:00Z
12
value 0.00531
scoring_system epss
scoring_elements 0.67314
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
10
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
11
reference_url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
12
reference_url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
13
reference_url https://issues.jboss.org/browse/UNDERTOW-1190
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1503055
reference_id 1503055
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1503055
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
reference_id CVE-2017-12196
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
16
reference_url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
reference_id GHSA-cp7v-vmv7-6x2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
17
reference_url https://access.redhat.com/errata/RHSA-2020:2561
reference_id RHSA-2020:2561
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2561
18
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
0
url pkg:deb/debian/undertow@1.4.25-1?distro=sid
purl pkg:deb/debian/undertow@1.4.25-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.25-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-12196, GHSA-cp7v-vmv7-6x2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ez8-r9wv-53du
6
url VCID-469b-j213-6ufk
vulnerability_id VCID-469b-j213-6ufk
summary 
Undertow Uncontrolled Resource Consumption Vulnerability
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. 

At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:1674
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1674
1
reference_url https://access.redhat.com/errata/RHSA-2024:1675
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1675
2
reference_url https://access.redhat.com/errata/RHSA-2024:1676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1676
3
reference_url https://access.redhat.com/errata/RHSA-2024:1677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1677
4
reference_url https://access.redhat.com/errata/RHSA-2024:1860
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1860
5
reference_url https://access.redhat.com/errata/RHSA-2024:1861
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1861
6
reference_url https://access.redhat.com/errata/RHSA-2024:1862
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1862
7
reference_url https://access.redhat.com/errata/RHSA-2024:1864
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1864
8
reference_url https://access.redhat.com/errata/RHSA-2024:1866
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:1866
9
reference_url https://access.redhat.com/errata/RHSA-2024:3354
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:3354
10
reference_url https://access.redhat.com/errata/RHSA-2024:4884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2024:4884
11
reference_url https://access.redhat.com/errata/RHSA-2025:4226
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/errata/RHSA-2025:4226
12
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1635.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1635.json
13
reference_url https://access.redhat.com/security/cve/CVE-2024-1635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://access.redhat.com/security/cve/CVE-2024-1635
14
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1635
reference_id
reference_type
scores
0
value 0.22688
scoring_system epss
scoring_elements 0.95855
published_at 2026-04-08T12:55:00Z
1
value 0.22688
scoring_system epss
scoring_elements 0.95858
published_at 2026-04-09T12:55:00Z
2
value 0.22688
scoring_system epss
scoring_elements 0.95846
published_at 2026-04-07T12:55:00Z
3
value 0.22688
scoring_system epss
scoring_elements 0.95861
published_at 2026-04-12T12:55:00Z
4
value 0.22688
scoring_system epss
scoring_elements 0.95862
published_at 2026-04-13T12:55:00Z
5
value 0.22688
scoring_system epss
scoring_elements 0.95874
published_at 2026-04-16T12:55:00Z
6
value 0.22688
scoring_system epss
scoring_elements 0.95879
published_at 2026-04-18T12:55:00Z
7
value 0.22688
scoring_system epss
scoring_elements 0.95882
published_at 2026-04-21T12:55:00Z
8
value 0.23144
scoring_system epss
scoring_elements 0.95948
published_at 2026-04-24T12:55:00Z
9
value 0.23144
scoring_system epss
scoring_elements 0.959
published_at 2026-04-02T12:55:00Z
10
value 0.23144
scoring_system epss
scoring_elements 0.95909
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1635
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2264928
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:54:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2264928
16
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
17
reference_url https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/3cdb104e225f34547ce9fd6eb8799eb68e040f19
18
reference_url https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/7d388c5aae9b82afb63f24e3b6a2044838dfb4de
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-1635
20
reference_url https://security.netapp.com/advisory/ntap-20240322-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240322-0007
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068817
reference_id 1068817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068817
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
reference_id cpe:/a:redhat:amq_streams:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:3
reference_id cpe:/a:redhat:camel_quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:3
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
reference_id cpe:/a:redhat:camel_spring_boot:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
reference_id cpe:/a:redhat:jboss_fuse_service_works:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
reference_id cpe:/a:redhat:optaplanner:::el6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
reference_id cpe:/a:redhat:quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
52
reference_url https://github.com/advisories/GHSA-w6qf-42m7-vh68
reference_id GHSA-w6qf-42m7-vh68
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6qf-42m7-vh68
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2024-1635, GHSA-w6qf-42m7-vh68
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-469b-j213-6ufk
7
url VCID-4kdg-asyc-rbdx
vulnerability_id VCID-4kdg-asyc-rbdx
summary 
Undertow Missing Authorization when requesting a protected directory without trailing slash
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2935
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2935
1
reference_url https://access.redhat.com/errata/RHSA-2019:2936
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2936
2
reference_url https://access.redhat.com/errata/RHSA-2019:2937
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2937
3
reference_url https://access.redhat.com/errata/RHSA-2019:2938
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2938
4
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
5
reference_url https://access.redhat.com/errata/RHSA-2019:3044
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3044
6
reference_url https://access.redhat.com/errata/RHSA-2019:3045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3045
7
reference_url https://access.redhat.com/errata/RHSA-2019:3046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3046
8
reference_url https://access.redhat.com/errata/RHSA-2019:3050
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3050
9
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10184.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10184.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10184
reference_id
reference_type
scores
0
value 0.01424
scoring_system epss
scoring_elements 0.80584
published_at 2026-04-04T12:55:00Z
1
value 0.01424
scoring_system epss
scoring_elements 0.80555
published_at 2026-04-01T12:55:00Z
2
value 0.01424
scoring_system epss
scoring_elements 0.80562
published_at 2026-04-02T12:55:00Z
3
value 0.01424
scoring_system epss
scoring_elements 0.80576
published_at 2026-04-07T12:55:00Z
4
value 0.01424
scoring_system epss
scoring_elements 0.80604
published_at 2026-04-08T12:55:00Z
5
value 0.01424
scoring_system epss
scoring_elements 0.80614
published_at 2026-04-09T12:55:00Z
6
value 0.01424
scoring_system epss
scoring_elements 0.80631
published_at 2026-04-11T12:55:00Z
7
value 0.01424
scoring_system epss
scoring_elements 0.80618
published_at 2026-04-12T12:55:00Z
8
value 0.01424
scoring_system epss
scoring_elements 0.80609
published_at 2026-04-13T12:55:00Z
9
value 0.01508
scoring_system epss
scoring_elements 0.8124
published_at 2026-04-24T12:55:00Z
10
value 0.01508
scoring_system epss
scoring_elements 0.81219
published_at 2026-04-16T12:55:00Z
11
value 0.01508
scoring_system epss
scoring_elements 0.8122
published_at 2026-04-18T12:55:00Z
12
value 0.01508
scoring_system epss
scoring_elements 0.81218
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10184
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
13
reference_url https://github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfa
14
reference_url https://github.com/undertow-io/undertow/pull/794
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/794
15
reference_url https://issues.redhat.com/browse/UNDERTOW-1578
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1578
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10184
17
reference_url https://security.netapp.com/advisory/ntap-20220210-0016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0016
18
reference_url https://security.netapp.com/advisory/ntap-20220210-0016/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0016/
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1713068
reference_id 1713068
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1713068
20
reference_url https://github.com/advisories/GHSA-w69w-jvc7-wjgv
reference_id GHSA-w69w-jvc7-wjgv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w69w-jvc7-wjgv
21
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-10184, GHSA-w69w-jvc7-wjgv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kdg-asyc-rbdx
8
url VCID-4v1f-kt5y-w7d1
vulnerability_id VCID-4v1f-kt5y-w7d1
summary Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2764
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57338
published_at 2026-04-04T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57314
published_at 2026-04-07T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57366
published_at 2026-04-08T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57368
published_at 2026-04-16T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57383
published_at 2026-04-11T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57363
published_at 2026-04-18T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57342
published_at 2026-04-21T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57299
published_at 2026-04-24T12:55:00Z
8
value 0.00521
scoring_system epss
scoring_elements 0.66803
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2764
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2117506
reference_id 2117506
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2117506
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2764
reference_id CVE-2022-2764
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-2764
4
reference_url https://access.redhat.com/errata/RHSA-2022:8790
reference_id RHSA-2022:8790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8790
5
reference_url https://access.redhat.com/errata/RHSA-2022:8791
reference_id RHSA-2022:8791
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8791
6
reference_url https://access.redhat.com/errata/RHSA-2022:8792
reference_id RHSA-2022:8792
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8792
7
reference_url https://access.redhat.com/errata/RHSA-2022:8793
reference_id RHSA-2022:8793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8793
fixed_packages
0
url pkg:deb/debian/undertow@2.2.21-1?distro=sid
purl pkg:deb/debian/undertow@2.2.21-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.21-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2022-2764
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v1f-kt5y-w7d1
9
url VCID-5585-a76n-zubf
vulnerability_id VCID-5585-a76n-zubf
summary 
Allocation of Resources Without Limits or Throttling
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:4509
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4509
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5379
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33623
published_at 2026-04-24T12:55:00Z
1
value 0.00139
scoring_system epss
scoring_elements 0.34108
published_at 2026-04-02T12:55:00Z
2
value 0.00139
scoring_system epss
scoring_elements 0.3404
published_at 2026-04-16T12:55:00Z
3
value 0.00139
scoring_system epss
scoring_elements 0.33994
published_at 2026-04-21T12:55:00Z
4
value 0.00139
scoring_system epss
scoring_elements 0.34139
published_at 2026-04-04T12:55:00Z
5
value 0.00139
scoring_system epss
scoring_elements 0.33999
published_at 2026-04-07T12:55:00Z
6
value 0.00139
scoring_system epss
scoring_elements 0.34042
published_at 2026-04-08T12:55:00Z
7
value 0.00139
scoring_system epss
scoring_elements 0.34073
published_at 2026-04-09T12:55:00Z
8
value 0.00139
scoring_system epss
scoring_elements 0.34071
published_at 2026-04-11T12:55:00Z
9
value 0.00139
scoring_system epss
scoring_elements 0.34028
published_at 2026-04-18T12:55:00Z
10
value 0.00139
scoring_system epss
scoring_elements 0.34005
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5379
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242099
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2242099
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055
reference_id 1059055
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
17
reference_url https://access.redhat.com/security/cve/CVE-2023-5379
reference_id CVE-2023-5379
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/
url https://access.redhat.com/security/cve/CVE-2023-5379
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5379
reference_id CVE-2023-5379
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5379
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2023-5379
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5585-a76n-zubf
10
url VCID-62gn-nwup-8uat
vulnerability_id VCID-62gn-nwup-8uat
summary undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1259
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.5052
published_at 2026-04-01T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50576
published_at 2026-04-02T12:55:00Z
2
value 0.00272
scoring_system epss
scoring_elements 0.50604
published_at 2026-04-04T12:55:00Z
3
value 0.00272
scoring_system epss
scoring_elements 0.50557
published_at 2026-04-07T12:55:00Z
4
value 0.00272
scoring_system epss
scoring_elements 0.50611
published_at 2026-04-08T12:55:00Z
5
value 0.00272
scoring_system epss
scoring_elements 0.50608
published_at 2026-04-09T12:55:00Z
6
value 0.00272
scoring_system epss
scoring_elements 0.50651
published_at 2026-04-11T12:55:00Z
7
value 0.00272
scoring_system epss
scoring_elements 0.50628
published_at 2026-04-12T12:55:00Z
8
value 0.00272
scoring_system epss
scoring_elements 0.50614
published_at 2026-04-13T12:55:00Z
9
value 0.00272
scoring_system epss
scoring_elements 0.50656
published_at 2026-04-16T12:55:00Z
10
value 0.00272
scoring_system epss
scoring_elements 0.50661
published_at 2026-04-18T12:55:00Z
11
value 0.00272
scoring_system epss
scoring_elements 0.5064
published_at 2026-04-21T12:55:00Z
12
value 0.00272
scoring_system epss
scoring_elements 0.50588
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1259
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2072339
reference_id 2072339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2072339
3
reference_url https://access.redhat.com/security/cve/CVE-2022-1259
reference_id CVE-2022-1259
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2022-1259
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1259
reference_id CVE-2022-1259
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1259
5
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
6
reference_url https://access.redhat.com/errata/RHSA-2022:6821
reference_id RHSA-2022:6821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6821
7
reference_url https://access.redhat.com/errata/RHSA-2022:6822
reference_id RHSA-2022:6822
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6822
8
reference_url https://access.redhat.com/errata/RHSA-2022:6823
reference_id RHSA-2022:6823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6823
9
reference_url https://access.redhat.com/errata/RHSA-2022:6825
reference_id RHSA-2022:6825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6825
10
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
fixed_packages
0
url pkg:deb/debian/undertow@0?distro=sid
purl pkg:deb/debian/undertow@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@0%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2022-1259
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62gn-nwup-8uat
11
url VCID-73st-24ck-uydb
vulnerability_id VCID-73st-24ck-uydb
summary 
HTTP Request Smuggling in Undertow
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10687
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.3121
published_at 2026-04-24T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31387
published_at 2026-04-07T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.3144
published_at 2026-04-08T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31471
published_at 2026-04-09T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31474
published_at 2026-04-11T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31432
published_at 2026-04-12T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31396
published_at 2026-04-13T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31429
published_at 2026-04-16T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31409
published_at 2026-04-18T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.3138
published_at 2026-04-21T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.3139
published_at 2026-04-01T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31527
published_at 2026-04-02T12:55:00Z
12
value 0.00123
scoring_system epss
scoring_elements 0.3157
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10687
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1785049
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1785049
3
reference_url https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10687
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10687
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0015
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0015
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0015/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0015/
7
reference_url https://github.com/advisories/GHSA-p9w3-gwc2-cr49
reference_id GHSA-p9w3-gwc2-cr49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9w3-gwc2-cr49
8
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
9
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
10
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
11
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
12
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
fixed_packages
0
url pkg:deb/debian/undertow@2.2.0-1?distro=sid
purl pkg:deb/debian/undertow@2.2.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.0-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2020-10687, GHSA-p9w3-gwc2-cr49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73st-24ck-uydb
12
url VCID-77xn-dtdn-hfa2
vulnerability_id VCID-77xn-dtdn-hfa2
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.80442
published_at 2026-04-24T12:55:00Z
1
value 0.01394
scoring_system epss
scoring_elements 0.80389
published_at 2026-04-12T12:55:00Z
2
value 0.01394
scoring_system epss
scoring_elements 0.80382
published_at 2026-04-13T12:55:00Z
3
value 0.01394
scoring_system epss
scoring_elements 0.80411
published_at 2026-04-16T12:55:00Z
4
value 0.01394
scoring_system epss
scoring_elements 0.80412
published_at 2026-04-18T12:55:00Z
5
value 0.01394
scoring_system epss
scoring_elements 0.80416
published_at 2026-04-21T12:55:00Z
6
value 0.01394
scoring_system epss
scoring_elements 0.8033
published_at 2026-04-01T12:55:00Z
7
value 0.01394
scoring_system epss
scoring_elements 0.80337
published_at 2026-04-02T12:55:00Z
8
value 0.01394
scoring_system epss
scoring_elements 0.80357
published_at 2026-04-04T12:55:00Z
9
value 0.01394
scoring_system epss
scoring_elements 0.80346
published_at 2026-04-07T12:55:00Z
10
value 0.01394
scoring_system epss
scoring_elements 0.80375
published_at 2026-04-08T12:55:00Z
11
value 0.01394
scoring_system epss
scoring_elements 0.80385
published_at 2026-04-09T12:55:00Z
12
value 0.01394
scoring_system epss
scoring_elements 0.80404
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
6
reference_url https://github.com/advisories/GHSA-mcfm-h73v-635m
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mcfm-h73v-635m
7
reference_url http://www.securityfocus.com/bid/98966
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98966
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
reference_id 1436163
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
reference_id CVE-2017-2666
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
11
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
0
url pkg:deb/debian/undertow@1.4.18-1?distro=sid
purl pkg:deb/debian/undertow@1.4.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-2666, GHSA-mcfm-h73v-635m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77xn-dtdn-hfa2
13
url VCID-7ec2-9kmy-77eh
vulnerability_id VCID-7ec2-9kmy-77eh
summary It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.72243
published_at 2026-04-24T12:55:00Z
1
value 0.00707
scoring_system epss
scoring_elements 0.72122
published_at 2026-04-07T12:55:00Z
2
value 0.00707
scoring_system epss
scoring_elements 0.72159
published_at 2026-04-08T12:55:00Z
3
value 0.00707
scoring_system epss
scoring_elements 0.72171
published_at 2026-04-09T12:55:00Z
4
value 0.00707
scoring_system epss
scoring_elements 0.72193
published_at 2026-04-11T12:55:00Z
5
value 0.00707
scoring_system epss
scoring_elements 0.72177
published_at 2026-04-12T12:55:00Z
6
value 0.00707
scoring_system epss
scoring_elements 0.72163
published_at 2026-04-13T12:55:00Z
7
value 0.00707
scoring_system epss
scoring_elements 0.72205
published_at 2026-04-16T12:55:00Z
8
value 0.00707
scoring_system epss
scoring_elements 0.72214
published_at 2026-04-18T12:55:00Z
9
value 0.00707
scoring_system epss
scoring_elements 0.72199
published_at 2026-04-21T12:55:00Z
10
value 0.00707
scoring_system epss
scoring_elements 0.72118
published_at 2026-04-01T12:55:00Z
11
value 0.00707
scoring_system epss
scoring_elements 0.72124
published_at 2026-04-02T12:55:00Z
12
value 0.00707
scoring_system epss
scoring_elements 0.72144
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
5
reference_url https://bugs.openjdk.java.net/browse/JDK-6956385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.openjdk.java.net/browse/JDK-6956385
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
7
reference_url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
8
reference_url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
9
reference_url https://issues.jboss.org/browse/UNDERTOW-1338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1338
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1573045
reference_id 1573045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1573045
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
reference_id 897247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
reference_id CVE-2018-1114
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
13
reference_url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
reference_id GHSA-gjjx-gqm4-wcgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
fixed_packages
0
url pkg:deb/debian/undertow@1.4.25-1?distro=sid
purl pkg:deb/debian/undertow@1.4.25-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.25-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2018-1114, GHSA-gjjx-gqm4-wcgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ec2-9kmy-77eh
14
url VCID-7yc7-e35f-8uhj
vulnerability_id VCID-7yc7-e35f-8uhj
summary 
Uncontrolled Resource Consumption
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:4505
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4505
1
reference_url https://access.redhat.com/errata/RHSA-2023:4506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4506
2
reference_url https://access.redhat.com/errata/RHSA-2023:4507
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4507
3
reference_url https://access.redhat.com/errata/RHSA-2023:4509
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4509
4
reference_url https://access.redhat.com/errata/RHSA-2023:4918
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4918
5
reference_url https://access.redhat.com/errata/RHSA-2023:4919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4919
6
reference_url https://access.redhat.com/errata/RHSA-2023:4920
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4920
7
reference_url https://access.redhat.com/errata/RHSA-2023:4921
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4921
8
reference_url https://access.redhat.com/errata/RHSA-2023:4924
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4924
9
reference_url https://access.redhat.com/errata/RHSA-2023:7247
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:7247
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3223
reference_id
reference_type
scores
0
value 0.00879
scoring_system epss
scoring_elements 0.75417
published_at 2026-04-24T12:55:00Z
1
value 0.00879
scoring_system epss
scoring_elements 0.75296
published_at 2026-04-02T12:55:00Z
2
value 0.00879
scoring_system epss
scoring_elements 0.75328
published_at 2026-04-04T12:55:00Z
3
value 0.00879
scoring_system epss
scoring_elements 0.75305
published_at 2026-04-07T12:55:00Z
4
value 0.00879
scoring_system epss
scoring_elements 0.75348
published_at 2026-04-08T12:55:00Z
5
value 0.00879
scoring_system epss
scoring_elements 0.75358
published_at 2026-04-09T12:55:00Z
6
value 0.00879
scoring_system epss
scoring_elements 0.75379
published_at 2026-04-11T12:55:00Z
7
value 0.00879
scoring_system epss
scoring_elements 0.75357
published_at 2026-04-12T12:55:00Z
8
value 0.00879
scoring_system epss
scoring_elements 0.75346
published_at 2026-04-13T12:55:00Z
9
value 0.00879
scoring_system epss
scoring_elements 0.75386
published_at 2026-04-16T12:55:00Z
10
value 0.00879
scoring_system epss
scoring_elements 0.75392
published_at 2026-04-18T12:55:00Z
11
value 0.00879
scoring_system epss
scoring_elements 0.75383
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3223
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209689
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2209689
13
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
14
reference_url https://security.netapp.com/advisory/ntap-20231027-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231027-0004
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893
reference_id 1054893
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13
reference_id cpe:/a:redhat:openstack-optools:13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.5
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
37
reference_url https://access.redhat.com/security/cve/CVE-2023-3223
reference_id CVE-2023-3223
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/security/cve/CVE-2023-3223
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3223
reference_id CVE-2023-3223
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3223
39
reference_url https://github.com/advisories/GHSA-65h2-wf7m-q2v8
reference_id GHSA-65h2-wf7m-q2v8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65h2-wf7m-q2v8
40
reference_url https://security.netapp.com/advisory/ntap-20231027-0004/
reference_id ntap-20231027-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://security.netapp.com/advisory/ntap-20231027-0004/
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2023-3223, GHSA-65h2-wf7m-q2v8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7yc7-e35f-8uhj
15
url VCID-93ut-2de3-ckc5
vulnerability_id VCID-93ut-2de3-ckc5
summary undertow: Double AJP response for 400 from EAP 7 results in CPING failures
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1319
reference_id
reference_type
scores
0
value 0.01193
scoring_system epss
scoring_elements 0.78805
published_at 2026-04-01T12:55:00Z
1
value 0.01193
scoring_system epss
scoring_elements 0.78812
published_at 2026-04-02T12:55:00Z
2
value 0.01193
scoring_system epss
scoring_elements 0.78841
published_at 2026-04-04T12:55:00Z
3
value 0.01193
scoring_system epss
scoring_elements 0.78825
published_at 2026-04-07T12:55:00Z
4
value 0.01193
scoring_system epss
scoring_elements 0.7885
published_at 2026-04-08T12:55:00Z
5
value 0.01193
scoring_system epss
scoring_elements 0.78856
published_at 2026-04-09T12:55:00Z
6
value 0.01193
scoring_system epss
scoring_elements 0.78879
published_at 2026-04-18T12:55:00Z
7
value 0.01193
scoring_system epss
scoring_elements 0.78862
published_at 2026-04-12T12:55:00Z
8
value 0.01193
scoring_system epss
scoring_elements 0.78853
published_at 2026-04-13T12:55:00Z
9
value 0.01193
scoring_system epss
scoring_elements 0.78881
published_at 2026-04-16T12:55:00Z
10
value 0.01193
scoring_system epss
scoring_elements 0.78875
published_at 2026-04-21T12:55:00Z
11
value 0.01193
scoring_system epss
scoring_elements 0.78904
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1319
2
reference_url https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
3
reference_url https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
4
reference_url https://issues.redhat.com/browse/UNDERTOW-2060
reference_id
reference_type
scores
url https://issues.redhat.com/browse/UNDERTOW-2060
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id 1016448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073890
reference_id 2073890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2073890
7
reference_url https://access.redhat.com/security/cve/CVE-2022-1319
reference_id CVE-2022-1319
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2022-1319
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1319
reference_id CVE-2022-1319
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1319
9
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
10
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
11
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
12
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
13
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
14
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
15
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
16
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
17
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
fixed_packages
0
url pkg:deb/debian/undertow@2.2.17-1?distro=sid
purl pkg:deb/debian/undertow@2.2.17-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.17-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2022-1319
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93ut-2de3-ckc5
16
url VCID-9zut-79gt-1bgy
vulnerability_id VCID-9zut-79gt-1bgy
summary It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
reference_id
reference_type
scores
0
value 0.05972
scoring_system epss
scoring_elements 0.90688
published_at 2026-04-24T12:55:00Z
1
value 0.05972
scoring_system epss
scoring_elements 0.90665
published_at 2026-04-12T12:55:00Z
2
value 0.05972
scoring_system epss
scoring_elements 0.90659
published_at 2026-04-13T12:55:00Z
3
value 0.05972
scoring_system epss
scoring_elements 0.90678
published_at 2026-04-16T12:55:00Z
4
value 0.05972
scoring_system epss
scoring_elements 0.90676
published_at 2026-04-18T12:55:00Z
5
value 0.05972
scoring_system epss
scoring_elements 0.90673
published_at 2026-04-21T12:55:00Z
6
value 0.05972
scoring_system epss
scoring_elements 0.90617
published_at 2026-04-01T12:55:00Z
7
value 0.05972
scoring_system epss
scoring_elements 0.90621
published_at 2026-04-02T12:55:00Z
8
value 0.05972
scoring_system epss
scoring_elements 0.90631
published_at 2026-04-04T12:55:00Z
9
value 0.05972
scoring_system epss
scoring_elements 0.90639
published_at 2026-04-07T12:55:00Z
10
value 0.05972
scoring_system epss
scoring_elements 0.9065
published_at 2026-04-08T12:55:00Z
11
value 0.05972
scoring_system epss
scoring_elements 0.90656
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
6
reference_url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
7
reference_url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
8
reference_url http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98965
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
reference_id 1438885
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
reference_id CVE-2017-2670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
12
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
0
url pkg:deb/debian/undertow@1.4.18-1?distro=sid
purl pkg:deb/debian/undertow@1.4.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zut-79gt-1bgy
17
url VCID-ay2f-3xcv-dqdc
vulnerability_id VCID-ay2f-3xcv-dqdc
summary 
Improper Neutralization of CRLF Sequences in HTTP Headers
CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-1838.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1838.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1839.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1839.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1840.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1840.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1841.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1841.html
4
reference_url https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3454
5
reference_url https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3455
6
reference_url https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3456
7
reference_url https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3458
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4993
reference_id
reference_type
scores
0
value 0.01476
scoring_system epss
scoring_elements 0.81022
published_at 2026-04-24T12:55:00Z
1
value 0.01476
scoring_system epss
scoring_elements 0.80935
published_at 2026-04-04T12:55:00Z
2
value 0.01476
scoring_system epss
scoring_elements 0.80932
published_at 2026-04-07T12:55:00Z
3
value 0.01476
scoring_system epss
scoring_elements 0.8096
published_at 2026-04-08T12:55:00Z
4
value 0.01476
scoring_system epss
scoring_elements 0.80967
published_at 2026-04-09T12:55:00Z
5
value 0.01476
scoring_system epss
scoring_elements 0.80984
published_at 2026-04-11T12:55:00Z
6
value 0.01476
scoring_system epss
scoring_elements 0.8097
published_at 2026-04-12T12:55:00Z
7
value 0.01476
scoring_system epss
scoring_elements 0.80962
published_at 2026-04-13T12:55:00Z
8
value 0.01476
scoring_system epss
scoring_elements 0.80999
published_at 2026-04-16T12:55:00Z
9
value 0.01476
scoring_system epss
scoring_elements 0.81
published_at 2026-04-21T12:55:00Z
10
value 0.01476
scoring_system epss
scoring_elements 0.80904
published_at 2026-04-01T12:55:00Z
11
value 0.01476
scoring_system epss
scoring_elements 0.80913
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4993
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1344321
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1344321
11
reference_url https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
12
reference_url https://issues.redhat.com/browse/UNDERTOW-827
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-827
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4993
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4993
14
reference_url https://access.redhat.com/security/cve/CVE-2016-4993
reference_id CVE-2016-4993
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2016-4993
15
reference_url https://github.com/advisories/GHSA-qcqr-hcjq-whfq
reference_id GHSA-qcqr-hcjq-whfq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcqr-hcjq-whfq
16
reference_url https://access.redhat.com/errata/RHSA-2016:1838
reference_id RHSA-2016:1838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1838
17
reference_url https://access.redhat.com/errata/RHSA-2016:1839
reference_id RHSA-2016:1839
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1839
18
reference_url https://access.redhat.com/errata/RHSA-2016:1840
reference_id RHSA-2016:1840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1840
19
reference_url https://access.redhat.com/errata/RHSA-2016:1841
reference_id RHSA-2016:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1841
fixed_packages
0
url pkg:deb/debian/undertow@1.4.3-1?distro=sid
purl pkg:deb/debian/undertow@1.4.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.3-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2016-4993, GHSA-qcqr-hcjq-whfq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay2f-3xcv-dqdc
18
url VCID-beaj-uk9m-17be
vulnerability_id VCID-beaj-uk9m-17be
summary 
Denial of service in Undertow
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27782
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39641
published_at 2026-04-24T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39928
published_at 2026-04-11T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.3985
published_at 2026-04-07T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.39905
published_at 2026-04-08T12:55:00Z
4
value 0.00182
scoring_system epss
scoring_elements 0.39918
published_at 2026-04-09T12:55:00Z
5
value 0.00182
scoring_system epss
scoring_elements 0.39893
published_at 2026-04-12T12:55:00Z
6
value 0.00182
scoring_system epss
scoring_elements 0.39873
published_at 2026-04-13T12:55:00Z
7
value 0.00182
scoring_system epss
scoring_elements 0.39924
published_at 2026-04-16T12:55:00Z
8
value 0.00182
scoring_system epss
scoring_elements 0.39895
published_at 2026-04-18T12:55:00Z
9
value 0.00182
scoring_system epss
scoring_elements 0.39815
published_at 2026-04-21T12:55:00Z
10
value 0.00182
scoring_system epss
scoring_elements 0.39751
published_at 2026-04-01T12:55:00Z
11
value 0.00182
scoring_system epss
scoring_elements 0.399
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27782
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1901304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1901304
3
reference_url https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
4
reference_url https://issues.redhat.com/browse/UNDERTOW-1813
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1813
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27782
6
reference_url https://github.com/advisories/GHSA-rhcw-wjcm-9h6g
reference_id GHSA-rhcw-wjcm-9h6g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhcw-wjcm-9h6g
7
reference_url https://access.redhat.com/errata/RHSA-2021:0246
reference_id RHSA-2021:0246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0246
8
reference_url https://access.redhat.com/errata/RHSA-2021:0247
reference_id RHSA-2021:0247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0247
9
reference_url https://access.redhat.com/errata/RHSA-2021:0248
reference_id RHSA-2021:0248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0248
10
reference_url https://access.redhat.com/errata/RHSA-2021:0250
reference_id RHSA-2021:0250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0250
11
reference_url https://access.redhat.com/errata/RHSA-2021:0295
reference_id RHSA-2021:0295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0295
12
reference_url https://access.redhat.com/errata/RHSA-2021:0327
reference_id RHSA-2021:0327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0327
13
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
14
reference_url https://access.redhat.com/errata/RHSA-2021:3207
reference_id RHSA-2021:3207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3207
15
reference_url https://access.redhat.com/errata/RHSA-2021:3425
reference_id RHSA-2021:3425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3425
16
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
fixed_packages
0
url pkg:deb/debian/undertow@2.2.4-1?distro=sid
purl pkg:deb/debian/undertow@2.2.4-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.4-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2020-27782, GHSA-rhcw-wjcm-9h6g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-beaj-uk9m-17be
19
url VCID-bhrz-ea7j-k3bh
vulnerability_id VCID-bhrz-ea7j-k3bh
summary 
Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2439
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2439
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
reference_id
reference_type
scores
0
value 0.00577
scoring_system epss
scoring_elements 0.68879
published_at 2026-04-24T12:55:00Z
1
value 0.00577
scoring_system epss
scoring_elements 0.68775
published_at 2026-04-04T12:55:00Z
2
value 0.00577
scoring_system epss
scoring_elements 0.68753
published_at 2026-04-07T12:55:00Z
3
value 0.00577
scoring_system epss
scoring_elements 0.68804
published_at 2026-04-08T12:55:00Z
4
value 0.00577
scoring_system epss
scoring_elements 0.68823
published_at 2026-04-09T12:55:00Z
5
value 0.00577
scoring_system epss
scoring_elements 0.68846
published_at 2026-04-11T12:55:00Z
6
value 0.00577
scoring_system epss
scoring_elements 0.68831
published_at 2026-04-21T12:55:00Z
7
value 0.00577
scoring_system epss
scoring_elements 0.68802
published_at 2026-04-13T12:55:00Z
8
value 0.00577
scoring_system epss
scoring_elements 0.68843
published_at 2026-04-16T12:55:00Z
9
value 0.00577
scoring_system epss
scoring_elements 0.68853
published_at 2026-04-18T12:55:00Z
10
value 0.00577
scoring_system epss
scoring_elements 0.68736
published_at 2026-04-01T12:55:00Z
11
value 0.00577
scoring_system epss
scoring_elements 0.68755
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0019
7
reference_url https://security.netapp.com/advisory/ntap-20220210-0019/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0019/
8
reference_url http://www.securityfocus.com/bid/108739
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108739
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
reference_id 1693777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id 930349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
reference_id CVE-2019-3888
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
12
reference_url https://github.com/advisories/GHSA-jwgx-9mmh-684w
reference_id GHSA-jwgx-9mmh-684w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwgx-9mmh-684w
13
reference_url https://access.redhat.com/errata/RHSA-2019:1419
reference_id RHSA-2019:1419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1419
14
reference_url https://access.redhat.com/errata/RHSA-2019:1420
reference_id RHSA-2019:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1420
15
reference_url https://access.redhat.com/errata/RHSA-2019:1421
reference_id RHSA-2019:1421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1421
16
reference_url https://access.redhat.com/errata/RHSA-2019:1424
reference_id RHSA-2019:1424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1424
17
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhrz-ea7j-k3bh
20
url VCID-bm42-byxp-2kb5
vulnerability_id VCID-bm42-byxp-2kb5
summary In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1247
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1247
1
reference_url https://access.redhat.com/errata/RHSA-2018:1248
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1248
2
reference_url https://access.redhat.com/errata/RHSA-2018:1249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1249
3
reference_url https://access.redhat.com/errata/RHSA-2018:1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1251
4
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
5
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70274
published_at 2026-04-24T12:55:00Z
1
value 0.00626
scoring_system epss
scoring_elements 0.70198
published_at 2026-04-09T12:55:00Z
2
value 0.00626
scoring_system epss
scoring_elements 0.70221
published_at 2026-04-11T12:55:00Z
3
value 0.00626
scoring_system epss
scoring_elements 0.70206
published_at 2026-04-12T12:55:00Z
4
value 0.00626
scoring_system epss
scoring_elements 0.70193
published_at 2026-04-13T12:55:00Z
5
value 0.00626
scoring_system epss
scoring_elements 0.70234
published_at 2026-04-16T12:55:00Z
6
value 0.00626
scoring_system epss
scoring_elements 0.70243
published_at 2026-04-18T12:55:00Z
7
value 0.00626
scoring_system epss
scoring_elements 0.70222
published_at 2026-04-21T12:55:00Z
8
value 0.00626
scoring_system epss
scoring_elements 0.70128
published_at 2026-04-01T12:55:00Z
9
value 0.00626
scoring_system epss
scoring_elements 0.70141
published_at 2026-04-02T12:55:00Z
10
value 0.00626
scoring_system epss
scoring_elements 0.70157
published_at 2026-04-04T12:55:00Z
11
value 0.00626
scoring_system epss
scoring_elements 0.70134
published_at 2026-04-07T12:55:00Z
12
value 0.00626
scoring_system epss
scoring_elements 0.70182
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
9
reference_url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
10
reference_url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1550671
reference_id 1550671
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1550671
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
reference_id 900323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
reference_id CVE-2018-1067
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
19
reference_url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
reference_id GHSA-47mp-rq2x-wjf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
20
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
0
url pkg:deb/debian/undertow@1.4.25-1?distro=sid
purl pkg:deb/debian/undertow@1.4.25-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.25-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2018-1067, GHSA-47mp-rq2x-wjf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bm42-byxp-2kb5
21
url VCID-bpuw-kn4r-6kau
vulnerability_id VCID-bpuw-kn4r-6kau
summary 
HTTP request smuggling in Undertow
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39632
published_at 2026-04-24T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39843
published_at 2026-04-07T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39898
published_at 2026-04-08T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.39911
published_at 2026-04-09T12:55:00Z
4
value 0.00182
scoring_system epss
scoring_elements 0.39921
published_at 2026-04-11T12:55:00Z
5
value 0.00182
scoring_system epss
scoring_elements 0.39886
published_at 2026-04-12T12:55:00Z
6
value 0.00182
scoring_system epss
scoring_elements 0.39866
published_at 2026-04-13T12:55:00Z
7
value 0.00182
scoring_system epss
scoring_elements 0.39916
published_at 2026-04-16T12:55:00Z
8
value 0.00182
scoring_system epss
scoring_elements 0.39887
published_at 2026-04-18T12:55:00Z
9
value 0.00182
scoring_system epss
scoring_elements 0.39807
published_at 2026-04-21T12:55:00Z
10
value 0.00182
scoring_system epss
scoring_elements 0.39744
published_at 2026-04-01T12:55:00Z
11
value 0.00182
scoring_system epss
scoring_elements 0.39892
published_at 2026-04-02T12:55:00Z
12
value 0.00182
scoring_system epss
scoring_elements 0.3992
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
3
reference_url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0013
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0013
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0013/
7
reference_url https://github.com/advisories/GHSA-qjwc-v72v-fq6r
reference_id GHSA-qjwc-v72v-fq6r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjwc-v72v-fq6r
8
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
9
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
10
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
11
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
12
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
13
reference_url https://access.redhat.com/errata/RHSA-2021:2210
reference_id RHSA-2021:2210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2210
14
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
fixed_packages
0
url pkg:deb/debian/undertow@2.2.0-1?distro=sid
purl pkg:deb/debian/undertow@2.2.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.0-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2021-20220, GHSA-qjwc-v72v-fq6r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpuw-kn4r-6kau
22
url VCID-brsa-ygcs-wudx
vulnerability_id VCID-brsa-ygcs-wudx
summary 
Undertow Denial of Service vulnerability
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected `0\r\n` termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:4392
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:4392
1
reference_url https://access.redhat.com/errata/RHSA-2024:4884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:4884
2
reference_url https://access.redhat.com/errata/RHSA-2024:5143
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:5143
3
reference_url https://access.redhat.com/errata/RHSA-2024:5144
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:5144
4
reference_url https://access.redhat.com/errata/RHSA-2024:5145
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:5145
5
reference_url https://access.redhat.com/errata/RHSA-2024:5147
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:5147
6
reference_url https://access.redhat.com/errata/RHSA-2024:6508
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:6508
7
reference_url https://access.redhat.com/errata/RHSA-2024:6883
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/errata/RHSA-2024:6883
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5971.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5971.json
9
reference_url https://access.redhat.com/security/cve/CVE-2024-5971
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://access.redhat.com/security/cve/CVE-2024-5971
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5971
reference_id
reference_type
scores
0
value 0.03699
scoring_system epss
scoring_elements 0.87981
published_at 2026-04-24T12:55:00Z
1
value 0.03699
scoring_system epss
scoring_elements 0.87904
published_at 2026-04-02T12:55:00Z
2
value 0.03699
scoring_system epss
scoring_elements 0.87917
published_at 2026-04-04T12:55:00Z
3
value 0.03699
scoring_system epss
scoring_elements 0.87921
published_at 2026-04-07T12:55:00Z
4
value 0.03699
scoring_system epss
scoring_elements 0.87941
published_at 2026-04-08T12:55:00Z
5
value 0.03699
scoring_system epss
scoring_elements 0.87948
published_at 2026-04-09T12:55:00Z
6
value 0.03699
scoring_system epss
scoring_elements 0.87959
published_at 2026-04-11T12:55:00Z
7
value 0.03699
scoring_system epss
scoring_elements 0.87951
published_at 2026-04-12T12:55:00Z
8
value 0.03699
scoring_system epss
scoring_elements 0.8795
published_at 2026-04-13T12:55:00Z
9
value 0.03699
scoring_system epss
scoring_elements 0.87965
published_at 2026-04-18T12:55:00Z
10
value 0.03699
scoring_system epss
scoring_elements 0.87964
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5971
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2292211
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2292211
12
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
13
reference_url https://github.com/undertow-io/undertow/pull/1638
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1638
14
reference_url https://github.com/undertow-io/undertow/pull/1640
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1640
15
reference_url https://github.com/undertow-io/undertow/pull/1641
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1641
16
reference_url https://issues.redhat.com/browse/UNDERTOW-2413
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2413
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5971
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5971
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077545
reference_id 1077545
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077545
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_id cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
reference_id cpe:/a:redhat:quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
39
reference_url https://github.com/advisories/GHSA-xpp6-8r3j-ww43
reference_id GHSA-xpp6-8r3j-ww43
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpp6-8r3j-ww43
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2024-5971, GHSA-xpp6-8r3j-ww43
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brsa-ygcs-wudx
23
url VCID-bsd5-k44s-buhu
vulnerability_id VCID-bsd5-k44s-buhu
summary 
Undertow Missing Release of Memory after Effective Lifetime vulnerability
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:4392
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/errata/RHSA-2024:4392
1
reference_url https://access.redhat.com/errata/RHSA-2024:5143
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/errata/RHSA-2024:5143
2
reference_url https://access.redhat.com/errata/RHSA-2024:5144
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/errata/RHSA-2024:5144
3
reference_url https://access.redhat.com/errata/RHSA-2024:5145
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/errata/RHSA-2024:5145
4
reference_url https://access.redhat.com/errata/RHSA-2024:5147
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/errata/RHSA-2024:5147
5
reference_url https://access.redhat.com/errata/RHSA-2024:6437
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/errata/RHSA-2024:6437
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3653.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3653.json
7
reference_url https://access.redhat.com/security/cve/CVE-2024-3653
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://access.redhat.com/security/cve/CVE-2024-3653
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3653
reference_id
reference_type
scores
0
value 0.04428
scoring_system epss
scoring_elements 0.89063
published_at 2026-04-24T12:55:00Z
1
value 0.04428
scoring_system epss
scoring_elements 0.88991
published_at 2026-04-02T12:55:00Z
2
value 0.04428
scoring_system epss
scoring_elements 0.89006
published_at 2026-04-04T12:55:00Z
3
value 0.04428
scoring_system epss
scoring_elements 0.89009
published_at 2026-04-07T12:55:00Z
4
value 0.04428
scoring_system epss
scoring_elements 0.89027
published_at 2026-04-08T12:55:00Z
5
value 0.04428
scoring_system epss
scoring_elements 0.89032
published_at 2026-04-09T12:55:00Z
6
value 0.04428
scoring_system epss
scoring_elements 0.89044
published_at 2026-04-11T12:55:00Z
7
value 0.04428
scoring_system epss
scoring_elements 0.8904
published_at 2026-04-12T12:55:00Z
8
value 0.04428
scoring_system epss
scoring_elements 0.89037
published_at 2026-04-13T12:55:00Z
9
value 0.04428
scoring_system epss
scoring_elements 0.89051
published_at 2026-04-16T12:55:00Z
10
value 0.04428
scoring_system epss
scoring_elements 0.8905
published_at 2026-04-18T12:55:00Z
11
value 0.04428
scoring_system epss
scoring_elements 0.89046
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3653
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2274437
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2274437
10
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
11
reference_url https://github.com/undertow-io/undertow/pull/1639
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1639
12
reference_url https://github.com/undertow-io/undertow/pull/1640
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1640
13
reference_url https://github.com/undertow-io/undertow/pull/1641
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1641
14
reference_url https://issues.redhat.com/browse/UNDERTOW-2382
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2382
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3653
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3653
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077547
reference_id 1077547
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077547
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
reference_id cpe:/a:redhat:amq_streams:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:3
reference_id cpe:/a:redhat:camel_quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:3
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
reference_id cpe:/a:redhat:camel_spring_boot:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
reference_id cpe:/a:redhat:jboss_fuse_service_works:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
reference_id cpe:/a:redhat:optaplanner:::el6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.8::el8
reference_id cpe:/a:redhat:quarkus:3.8::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.8::el8
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
41
reference_url https://github.com/advisories/GHSA-ch7q-gpff-h9hp
reference_id GHSA-ch7q-gpff-h9hp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ch7q-gpff-h9hp
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2024-3653, GHSA-ch7q-gpff-h9hp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsd5-k44s-buhu
24
url VCID-cf5j-2dz8-7bbu
vulnerability_id VCID-cf5j-2dz8-7bbu
summary 
Undertow vulnerable to Denial of Service (DoS) attacks
Undertow client side invocation timeout raised when calling over HTTP2, this vulnerability can allow attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json
1
reference_url https://access.redhat.com/security/cve/cve-2021-3859
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2021-3859
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3859
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.54157
published_at 2026-04-18T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54115
published_at 2026-04-13T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.54135
published_at 2026-04-12T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54154
published_at 2026-04-16T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-09T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54106
published_at 2026-04-08T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54103
published_at 2026-04-24T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54138
published_at 2026-04-21T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54054
published_at 2026-04-07T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.5408
published_at 2026-04-04T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54051
published_at 2026-04-02T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54034
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3859
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2010378
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2010378
4
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
5
reference_url https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
6
reference_url https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
7
reference_url https://github.com/undertow-io/undertow/pull/1296
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1296
8
reference_url https://issues.redhat.com/browse/UNDERTOW-1979
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1979
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3859
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3859
10
reference_url https://security.netapp.com/advisory/ntap-20221201-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221201-0004
11
reference_url https://security.netapp.com/advisory/ntap-20221201-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221201-0004/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983
reference_id 1015983
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983
13
reference_url https://access.redhat.com/security/cve/CVE-2021-3859
reference_id CVE-2021-3859
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2021-3859
14
reference_url https://github.com/advisories/GHSA-339q-62wm-c39w
reference_id GHSA-339q-62wm-c39w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-339q-62wm-c39w
15
reference_url https://access.redhat.com/errata/RHSA-2022:0400
reference_id RHSA-2022:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0400
16
reference_url https://access.redhat.com/errata/RHSA-2022:0401
reference_id RHSA-2022:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0401
17
reference_url https://access.redhat.com/errata/RHSA-2022:0404
reference_id RHSA-2022:0404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0404
18
reference_url https://access.redhat.com/errata/RHSA-2022:0405
reference_id RHSA-2022:0405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0405
19
reference_url https://access.redhat.com/errata/RHSA-2022:0406
reference_id RHSA-2022:0406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0406
20
reference_url https://access.redhat.com/errata/RHSA-2022:0407
reference_id RHSA-2022:0407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0407
21
reference_url https://access.redhat.com/errata/RHSA-2022:0408
reference_id RHSA-2022:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0408
22
reference_url https://access.redhat.com/errata/RHSA-2022:0409
reference_id RHSA-2022:0409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0409
23
reference_url https://access.redhat.com/errata/RHSA-2022:0410
reference_id RHSA-2022:0410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0410
24
reference_url https://access.redhat.com/errata/RHSA-2022:0415
reference_id RHSA-2022:0415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0415
25
reference_url https://access.redhat.com/errata/RHSA-2022:0447
reference_id RHSA-2022:0447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0447
26
reference_url https://access.redhat.com/errata/RHSA-2022:0448
reference_id RHSA-2022:0448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0448
27
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
28
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:deb/debian/undertow@2.2.16-1?distro=sid
purl pkg:deb/debian/undertow@2.2.16-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.16-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2021-3859, GHSA-339q-62wm-c39w, GMS-2022-2963
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf5j-2dz8-7bbu
25
url VCID-d3ty-z2dg-vka1
vulnerability_id VCID-d3ty-z2dg-vka1
summary 
Undertow incorrectly parses cookies
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:1674
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:1674
1
reference_url https://access.redhat.com/errata/RHSA-2024:1675
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:1675
2
reference_url https://access.redhat.com/errata/RHSA-2024:1676
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:1676
3
reference_url https://access.redhat.com/errata/RHSA-2024:1677
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:1677
4
reference_url https://access.redhat.com/errata/RHSA-2024:2763
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:2763
5
reference_url https://access.redhat.com/errata/RHSA-2024:2764
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:2764
6
reference_url https://access.redhat.com/errata/RHSA-2024:3919
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/errata/RHSA-2024:3919
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4639.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4639.json
8
reference_url https://access.redhat.com/security/cve/CVE-2023-4639
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://access.redhat.com/security/cve/CVE-2023-4639
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4639
reference_id
reference_type
scores
0
value 0.05558
scoring_system epss
scoring_elements 0.90238
published_at 2026-04-02T12:55:00Z
1
value 0.05558
scoring_system epss
scoring_elements 0.90251
published_at 2026-04-04T12:55:00Z
2
value 0.05558
scoring_system epss
scoring_elements 0.90255
published_at 2026-04-07T12:55:00Z
3
value 0.0736
scoring_system epss
scoring_elements 0.91734
published_at 2026-04-16T12:55:00Z
4
value 0.0736
scoring_system epss
scoring_elements 0.91713
published_at 2026-04-13T12:55:00Z
5
value 0.0736
scoring_system epss
scoring_elements 0.91717
published_at 2026-04-12T12:55:00Z
6
value 0.0736
scoring_system epss
scoring_elements 0.91715
published_at 2026-04-11T12:55:00Z
7
value 0.0736
scoring_system epss
scoring_elements 0.91711
published_at 2026-04-09T12:55:00Z
8
value 0.0736
scoring_system epss
scoring_elements 0.91704
published_at 2026-04-08T12:55:00Z
9
value 0.0736
scoring_system epss
scoring_elements 0.91733
published_at 2026-04-24T12:55:00Z
10
value 0.0736
scoring_system epss
scoring_elements 0.91728
published_at 2026-04-21T12:55:00Z
11
value 0.0736
scoring_system epss
scoring_elements 0.91726
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4639
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2166022
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:17:32Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2166022
11
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
12
reference_url https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1f93a979d2ac264798e5779b5b7172dfafe0066f
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4639
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4639
14
reference_url https://security.netapp.com/advisory/ntap-20250207-0001
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250207-0001
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063539
reference_id 1063539
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063539
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
reference_id cpe:/a:redhat:jboss_fuse_service_works:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
reference_id cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
39
reference_url https://github.com/advisories/GHSA-3jrv-jgp8-45v3
reference_id GHSA-3jrv-jgp8-45v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3jrv-jgp8-45v3
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2023-4639, GHSA-3jrv-jgp8-45v3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3ty-z2dg-vka1
26
url VCID-df16-86dz-nfc9
vulnerability_id VCID-df16-86dz-nfc9
summary 
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:1194
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/
url https://access.redhat.com/errata/RHSA-2024:1194
1
reference_url https://access.redhat.com/errata/RHSA-2024:4386
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/
url https://access.redhat.com/errata/RHSA-2024:4386
2
reference_url https://access.redhat.com/errata/RHSA-2024:4884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/
url https://access.redhat.com/errata/RHSA-2024:4884
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6162.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6162.json
4
reference_url https://access.redhat.com/security/cve/CVE-2024-6162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/
url https://access.redhat.com/security/cve/CVE-2024-6162
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6162
reference_id
reference_type
scores
0
value 0.02024
scoring_system epss
scoring_elements 0.83785
published_at 2026-04-11T12:55:00Z
1
value 0.02024
scoring_system epss
scoring_elements 0.83722
published_at 2026-04-02T12:55:00Z
2
value 0.02024
scoring_system epss
scoring_elements 0.83779
published_at 2026-04-12T12:55:00Z
3
value 0.02024
scoring_system epss
scoring_elements 0.83775
published_at 2026-04-13T12:55:00Z
4
value 0.02024
scoring_system epss
scoring_elements 0.83809
published_at 2026-04-16T12:55:00Z
5
value 0.02024
scoring_system epss
scoring_elements 0.8381
published_at 2026-04-18T12:55:00Z
6
value 0.02024
scoring_system epss
scoring_elements 0.83811
published_at 2026-04-21T12:55:00Z
7
value 0.02024
scoring_system epss
scoring_elements 0.83739
published_at 2026-04-07T12:55:00Z
8
value 0.02024
scoring_system epss
scoring_elements 0.83835
published_at 2026-04-24T12:55:00Z
9
value 0.02024
scoring_system epss
scoring_elements 0.83769
published_at 2026-04-09T12:55:00Z
10
value 0.02024
scoring_system epss
scoring_elements 0.83763
published_at 2026-04-08T12:55:00Z
11
value 0.02024
scoring_system epss
scoring_elements 0.83736
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6162
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2293069
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2293069
7
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
8
reference_url https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
9
reference_url https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
10
reference_url https://github.com/undertow-io/undertow/pull/1612
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1612
11
reference_url https://github.com/undertow-io/undertow/releases/tag/2.2.33.Final
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/releases/tag/2.2.33.Final
12
reference_url https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
13
reference_url https://issues.redhat.com/browse/JBEAP-26268
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:12:01Z/
url https://issues.redhat.com/browse/JBEAP-26268
14
reference_url https://issues.redhat.com/browse/UNDERTOW-2334
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2334
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6162
16
reference_url https://security.netapp.com/advisory/ntap-20241129-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241129-0009
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077546
reference_id 1077546
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077546
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
32
reference_url https://github.com/advisories/GHSA-9442-gm4v-r222
reference_id GHSA-9442-gm4v-r222
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9442-gm4v-r222
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2024-6162, GHSA-9442-gm4v-r222
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df16-86dz-nfc9
27
url VCID-dvxb-wu3m-xuaz
vulnerability_id VCID-dvxb-wu3m-xuaz
summary 
Improper Authorization in Undertoe
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
reference_id
reference_type
scores
0
value 0.00636
scoring_system epss
scoring_elements 0.70495
published_at 2026-04-24T12:55:00Z
1
value 0.00636
scoring_system epss
scoring_elements 0.70362
published_at 2026-04-02T12:55:00Z
2
value 0.00636
scoring_system epss
scoring_elements 0.70379
published_at 2026-04-04T12:55:00Z
3
value 0.00636
scoring_system epss
scoring_elements 0.70358
published_at 2026-04-07T12:55:00Z
4
value 0.00636
scoring_system epss
scoring_elements 0.70403
published_at 2026-04-08T12:55:00Z
5
value 0.00636
scoring_system epss
scoring_elements 0.70418
published_at 2026-04-09T12:55:00Z
6
value 0.00636
scoring_system epss
scoring_elements 0.70442
published_at 2026-04-11T12:55:00Z
7
value 0.00636
scoring_system epss
scoring_elements 0.70428
published_at 2026-04-12T12:55:00Z
8
value 0.00636
scoring_system epss
scoring_elements 0.70413
published_at 2026-04-13T12:55:00Z
9
value 0.00636
scoring_system epss
scoring_elements 0.70455
published_at 2026-04-16T12:55:00Z
10
value 0.00636
scoring_system epss
scoring_elements 0.70464
published_at 2026-04-18T12:55:00Z
11
value 0.00636
scoring_system epss
scoring_elements 0.70444
published_at 2026-04-21T12:55:00Z
12
value 0.00636
scoring_system epss
scoring_elements 0.7035
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
3
reference_url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
5
reference_url https://www.cnvd.org.cn/webinfo/show/5415
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cnvd.org.cn/webinfo/show/5415
6
reference_url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1807305
reference_id 1807305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1807305
8
reference_url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
reference_id CVE-2020-1938-APACHE-TOMCAT-AJP-CONNECTOR-REMOTE-CODE-EXECUTION-VULNERABILITY-ALERT
reference_type
scores
url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
9
reference_url https://github.com/advisories/GHSA-gv2w-88hx-8m9r
reference_id GHSA-gv2w-88hx-8m9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv2w-88hx-8m9r
10
reference_url https://access.redhat.com/errata/RHSA-2020:0812
reference_id RHSA-2020:0812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0812
11
reference_url https://access.redhat.com/errata/RHSA-2020:0813
reference_id RHSA-2020:0813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0813
12
reference_url https://access.redhat.com/errata/RHSA-2020:0952
reference_id RHSA-2020:0952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0952
13
reference_url https://access.redhat.com/errata/RHSA-2020:0961
reference_id RHSA-2020:0961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0961
14
reference_url https://access.redhat.com/errata/RHSA-2020:0962
reference_id RHSA-2020:0962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0962
15
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
16
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
17
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
18
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
19
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
20
reference_url https://access.redhat.com/errata/RHSA-2020:2367
reference_id RHSA-2020:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2367
21
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
22
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
23
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
24
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
25
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
26
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
27
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
28
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:deb/debian/undertow@2.0.30-1?distro=sid
purl pkg:deb/debian/undertow@2.0.30-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.30-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2020-1745, GHSA-gv2w-88hx-8m9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxb-wu3m-xuaz
28
url VCID-gsr8-1dea-effx
vulnerability_id VCID-gsr8-1dea-effx
summary 
undertow Race Condition vulnerability
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3597
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37903
published_at 2026-04-24T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38138
published_at 2026-04-07T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38188
published_at 2026-04-08T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38196
published_at 2026-04-09T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.38215
published_at 2026-04-11T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.38179
published_at 2026-04-12T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38155
published_at 2026-04-13T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38201
published_at 2026-04-16T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38183
published_at 2026-04-18T12:55:00Z
9
value 0.00169
scoring_system epss
scoring_elements 0.38118
published_at 2026-04-21T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.38066
published_at 2026-04-01T12:55:00Z
11
value 0.00169
scoring_system epss
scoring_elements 0.38246
published_at 2026-04-02T12:55:00Z
12
value 0.00169
scoring_system epss
scoring_elements 0.38269
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3597
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1970930
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1970930
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3597
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3597
5
reference_url https://security.netapp.com/advisory/ntap-20220804-0003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220804-0003
6
reference_url https://security.netapp.com/advisory/ntap-20220804-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220804-0003/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
reference_id 989861
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
8
reference_url https://github.com/advisories/GHSA-mfhv-gwf8-4m88
reference_id GHSA-mfhv-gwf8-4m88
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfhv-gwf8-4m88
9
reference_url https://access.redhat.com/errata/RHSA-2021:3466
reference_id RHSA-2021:3466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3466
10
reference_url https://access.redhat.com/errata/RHSA-2021:3467
reference_id RHSA-2021:3467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3467
11
reference_url https://access.redhat.com/errata/RHSA-2021:3468
reference_id RHSA-2021:3468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3468
12
reference_url https://access.redhat.com/errata/RHSA-2021:3471
reference_id RHSA-2021:3471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3471
13
reference_url https://access.redhat.com/errata/RHSA-2021:3516
reference_id RHSA-2021:3516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3516
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
15
reference_url https://access.redhat.com/errata/RHSA-2021:3656
reference_id RHSA-2021:3656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3656
16
reference_url https://access.redhat.com/errata/RHSA-2021:3658
reference_id RHSA-2021:3658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3658
17
reference_url https://access.redhat.com/errata/RHSA-2021:3660
reference_id RHSA-2021:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3660
18
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
19
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
fixed_packages
0
url pkg:deb/debian/undertow@2.2.10-1?distro=sid
purl pkg:deb/debian/undertow@2.2.10-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.10-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2021-3597, GHSA-mfhv-gwf8-4m88
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsr8-1dea-effx
29
url VCID-hbg1-zqn4-hqcm
vulnerability_id VCID-hbg1-zqn4-hqcm
summary Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19343.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19343.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19343
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66182
published_at 2026-04-01T12:55:00Z
1
value 0.00507
scoring_system epss
scoring_elements 0.66223
published_at 2026-04-02T12:55:00Z
2
value 0.00507
scoring_system epss
scoring_elements 0.66249
published_at 2026-04-04T12:55:00Z
3
value 0.00507
scoring_system epss
scoring_elements 0.66219
published_at 2026-04-07T12:55:00Z
4
value 0.00507
scoring_system epss
scoring_elements 0.66267
published_at 2026-04-08T12:55:00Z
5
value 0.00507
scoring_system epss
scoring_elements 0.66281
published_at 2026-04-09T12:55:00Z
6
value 0.00507
scoring_system epss
scoring_elements 0.66301
published_at 2026-04-11T12:55:00Z
7
value 0.00507
scoring_system epss
scoring_elements 0.66288
published_at 2026-04-12T12:55:00Z
8
value 0.00507
scoring_system epss
scoring_elements 0.66257
published_at 2026-04-13T12:55:00Z
9
value 0.00507
scoring_system epss
scoring_elements 0.66291
published_at 2026-04-16T12:55:00Z
10
value 0.00507
scoring_system epss
scoring_elements 0.66307
published_at 2026-04-18T12:55:00Z
11
value 0.00507
scoring_system epss
scoring_elements 0.66292
published_at 2026-04-21T12:55:00Z
12
value 0.00507
scoring_system epss
scoring_elements 0.66316
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19343
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1780445
reference_id 1780445
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1780445
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948024
reference_id 948024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948024
4
reference_url https://access.redhat.com/errata/RHSA-2020:2565
reference_id RHSA-2020:2565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2565
5
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
fixed_packages
0
url pkg:deb/debian/undertow@2.0.25-1?distro=sid
purl pkg:deb/debian/undertow@2.0.25-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.25-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-19343
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbg1-zqn4-hqcm
30
url VCID-jz3d-vvfb-jfbw
vulnerability_id VCID-jz3d-vvfb-jfbw
summary 
Undertow client not checking server identity presented by server certificate in https connections
The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4492
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36237
published_at 2026-04-12T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.35956
published_at 2026-04-24T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36188
published_at 2026-04-21T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.3624
published_at 2026-04-18T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36256
published_at 2026-04-16T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.36333
published_at 2026-04-02T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.36213
published_at 2026-04-13T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36366
published_at 2026-04-04T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36201
published_at 2026-04-07T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36251
published_at 2026-04-08T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36269
published_at 2026-04-09T12:55:00Z
11
value 0.00155
scoring_system epss
scoring_elements 0.36274
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4492
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153260
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2153260
3
reference_url https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
4
reference_url https://github.com/undertow-io/undertow/pull/1447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1447
5
reference_url https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
6
reference_url https://github.com/undertow-io/undertow/pull/1457
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457
7
reference_url https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
8
reference_url https://issues.redhat.com/browse/MTA-93
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/MTA-93
9
reference_url https://issues.redhat.com/browse/UNDERTOW-2212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2212
10
reference_url https://security.netapp.com/advisory/ntap-20230324-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230324-0002
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
reference_id 1032087
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
12
reference_url https://access.redhat.com/security/cve/CVE-2022-4492
reference_id CVE-2022-4492
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://access.redhat.com/security/cve/CVE-2022-4492
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4492
reference_id CVE-2022-4492
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4492
14
reference_url https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
reference_id GHSA-pfcc-3g6r-8rg8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
15
reference_url https://security.netapp.com/advisory/ntap-20230324-0002/
reference_id ntap-20230324-0002
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://security.netapp.com/advisory/ntap-20230324-0002/
16
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
17
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
18
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
19
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
20
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
21
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
22
reference_url https://access.redhat.com/errata/RHSA-2023:3813
reference_id RHSA-2023:3813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3813
23
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
24
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
0
url pkg:deb/debian/undertow@2.3.8-2?distro=sid
purl pkg:deb/debian/undertow@2.3.8-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.8-2%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2022-4492, GHSA-pfcc-3g6r-8rg8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jz3d-vvfb-jfbw
31
url VCID-k6c9-mckm-cyhy
vulnerability_id VCID-k6c9-mckm-cyhy
summary 
HTTP Request Smuggling in Undertow
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37546
published_at 2026-04-24T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37854
published_at 2026-04-08T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37867
published_at 2026-04-16T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37881
published_at 2026-04-11T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37845
published_at 2026-04-12T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.3782
published_at 2026-04-13T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37847
published_at 2026-04-18T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37784
published_at 2026-04-21T12:55:00Z
8
value 0.00167
scoring_system epss
scoring_elements 0.37719
published_at 2026-04-01T12:55:00Z
9
value 0.00167
scoring_system epss
scoring_elements 0.379
published_at 2026-04-02T12:55:00Z
10
value 0.00167
scoring_system epss
scoring_elements 0.37926
published_at 2026-04-04T12:55:00Z
11
value 0.00167
scoring_system epss
scoring_elements 0.37803
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0014/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1828459
reference_id 1828459
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1828459
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
reference_id 969913
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
8
reference_url https://github.com/advisories/GHSA-cccf-7xw3-p2vr
reference_id GHSA-cccf-7xw3-p2vr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cccf-7xw3-p2vr
9
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
10
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
11
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
12
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
13
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
14
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
15
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
16
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
17
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
18
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
19
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
fixed_packages
0
url pkg:deb/debian/undertow@2.1.1-1?distro=sid
purl pkg:deb/debian/undertow@2.1.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.1.1-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2020-10719, GHSA-cccf-7xw3-p2vr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6c9-mckm-cyhy
32
url VCID-ns3p-22xg-q3bz
vulnerability_id VCID-ns3p-22xg-q3bz
summary 
Undertow MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:23143
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2025:23143
1
reference_url https://access.redhat.com/errata/RHSA-2026:0383
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:0383
2
reference_url https://access.redhat.com/errata/RHSA-2026:0384
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:0384
3
reference_url https://access.redhat.com/errata/RHSA-2026:0386
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:0386
4
reference_url https://access.redhat.com/errata/RHSA-2026:3889
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:3889
5
reference_url https://access.redhat.com/errata/RHSA-2026:3891
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:3891
6
reference_url https://access.redhat.com/errata/RHSA-2026:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:3892
7
reference_url https://access.redhat.com/errata/RHSA-2026:4915
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4915
8
reference_url https://access.redhat.com/errata/RHSA-2026:4916
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4916
9
reference_url https://access.redhat.com/errata/RHSA-2026:4917
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4917
10
reference_url https://access.redhat.com/errata/RHSA-2026:4924
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4924
11
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json
12
reference_url https://access.redhat.com/security/cve/CVE-2025-9784
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/security/cve/CVE-2025-9784
13
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-9784
reference_id
reference_type
scores
0
value 0.01553
scoring_system epss
scoring_elements 0.81488
published_at 2026-04-24T12:55:00Z
1
value 0.01553
scoring_system epss
scoring_elements 0.81371
published_at 2026-04-02T12:55:00Z
2
value 0.01553
scoring_system epss
scoring_elements 0.81394
published_at 2026-04-04T12:55:00Z
3
value 0.01553
scoring_system epss
scoring_elements 0.81392
published_at 2026-04-07T12:55:00Z
4
value 0.01553
scoring_system epss
scoring_elements 0.8142
published_at 2026-04-08T12:55:00Z
5
value 0.01553
scoring_system epss
scoring_elements 0.81426
published_at 2026-04-09T12:55:00Z
6
value 0.01553
scoring_system epss
scoring_elements 0.81447
published_at 2026-04-11T12:55:00Z
7
value 0.01553
scoring_system epss
scoring_elements 0.81435
published_at 2026-04-12T12:55:00Z
8
value 0.01553
scoring_system epss
scoring_elements 0.81427
published_at 2026-04-13T12:55:00Z
9
value 0.01553
scoring_system epss
scoring_elements 0.81464
published_at 2026-04-16T12:55:00Z
10
value 0.01553
scoring_system epss
scoring_elements 0.81466
published_at 2026-04-18T12:55:00Z
11
value 0.01553
scoring_system epss
scoring_elements 0.81467
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-9784
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392306
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2392306
15
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
16
reference_url https://github.com/undertow-io/undertow/pull/1778
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://github.com/undertow-io/undertow/pull/1778
17
reference_url https://github.com/undertow-io/undertow/pull/1802
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1802
18
reference_url https://github.com/undertow-io/undertow/pull/1803
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1803
19
reference_url https://github.com/undertow-io/undertow/pull/1804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1804
20
reference_url https://github.com/undertow-io/undertow/pull/1805
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1805
21
reference_url https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
22
reference_url https://issues.redhat.com/browse/UNDERTOW-2598
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://issues.redhat.com/browse/UNDERTOW-2598
23
reference_url https://kb.cert.org/vuls/id/767506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://kb.cert.org/vuls/id/767506
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-9784
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-9784
25
reference_url https://www.kb.cert.org/vuls/id/767506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/767506
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694
reference_id 1117694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.14
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
46
reference_url https://github.com/advisories/GHSA-95h4-w6j8-2rp8
reference_id GHSA-95h4-w6j8-2rp8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-95h4-w6j8-2rp8
fixed_packages
0
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2025-9784, GHSA-95h4-w6j8-2rp8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ns3p-22xg-q3bz
33
url VCID-ntaz-sckf-mubx
vulnerability_id VCID-ntaz-sckf-mubx
summary 
Information disclosure via directory traversal
Directory traversal vulnerability in this package when running on Windows, allows remote attackers to read arbitrary files via a `..` in a resource URI.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7816
reference_id
reference_type
scores
0
value 0.55155
scoring_system epss
scoring_elements 0.98052
published_at 2026-04-07T12:55:00Z
1
value 0.55155
scoring_system epss
scoring_elements 0.9805
published_at 2026-04-04T12:55:00Z
2
value 0.55155
scoring_system epss
scoring_elements 0.98056
published_at 2026-04-08T12:55:00Z
3
value 0.55155
scoring_system epss
scoring_elements 0.98065
published_at 2026-04-24T12:55:00Z
4
value 0.55155
scoring_system epss
scoring_elements 0.98068
published_at 2026-04-18T12:55:00Z
5
value 0.55155
scoring_system epss
scoring_elements 0.98063
published_at 2026-04-13T12:55:00Z
6
value 0.55155
scoring_system epss
scoring_elements 0.98042
published_at 2026-04-01T12:55:00Z
7
value 0.55155
scoring_system epss
scoring_elements 0.98062
published_at 2026-04-12T12:55:00Z
8
value 0.55155
scoring_system epss
scoring_elements 0.98048
published_at 2026-04-02T12:55:00Z
9
value 0.55155
scoring_system epss
scoring_elements 0.98057
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7816
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1157478
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1157478
3
reference_url http://seclists.org/oss-sec/2014/q4/830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/830
4
reference_url https://issues.jboss.org/browse/UNDERTOW-338
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-338
5
reference_url https://issues.jboss.org/browse/WFLY-4020
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/WFLY-4020
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7816
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7816
7
reference_url http://www.securityfocus.com/bid/71328
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/71328
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:*:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:beta2:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:cr4:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:*:cr4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:cr4:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
12
reference_url https://bugzilla.redhat.com/CVE-2014-7816
reference_id CVE-2014-7816
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-7816
13
reference_url https://github.com/advisories/GHSA-h6p6-fc4w-cqhx
reference_id GHSA-h6p6-fc4w-cqhx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h6p6-fc4w-cqhx
fixed_packages
0
url pkg:deb/debian/undertow@0?distro=sid
purl pkg:deb/debian/undertow@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@0%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2014-7816, GHSA-h6p6-fc4w-cqhx
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntaz-sckf-mubx
34
url VCID-p9y4-yce4-zqbk
vulnerability_id VCID-p9y4-yce4-zqbk
summary 
Undertow vulnerable to Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46448
published_at 2026-04-24T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.46463
published_at 2026-04-09T12:55:00Z
2
value 0.00235
scoring_system epss
scoring_elements 0.46486
published_at 2026-04-11T12:55:00Z
3
value 0.00235
scoring_system epss
scoring_elements 0.46457
published_at 2026-04-12T12:55:00Z
4
value 0.00235
scoring_system epss
scoring_elements 0.46467
published_at 2026-04-13T12:55:00Z
5
value 0.00235
scoring_system epss
scoring_elements 0.46524
published_at 2026-04-16T12:55:00Z
6
value 0.00235
scoring_system epss
scoring_elements 0.46521
published_at 2026-04-18T12:55:00Z
7
value 0.00235
scoring_system epss
scoring_elements 0.46466
published_at 2026-04-21T12:55:00Z
8
value 0.00235
scoring_system epss
scoring_elements 0.46398
published_at 2026-04-01T12:55:00Z
9
value 0.00235
scoring_system epss
scoring_elements 0.46438
published_at 2026-04-02T12:55:00Z
10
value 0.00235
scoring_system epss
scoring_elements 0.46458
published_at 2026-04-04T12:55:00Z
11
value 0.00235
scoring_system epss
scoring_elements 0.46407
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
5
reference_url https://security.netapp.com/advisory/ntap-20220211-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220211-0001
6
reference_url https://security.netapp.com/advisory/ntap-20220211-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220211-0001/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1772464
reference_id 1772464
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1772464
8
reference_url https://github.com/advisories/GHSA-vjxc-frw4-jmh5
reference_id GHSA-vjxc-frw4-jmh5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vjxc-frw4-jmh5
9
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
10
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
11
reference_url https://access.redhat.com/errata/RHSA-2020:2367
reference_id RHSA-2020:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2367
12
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
13
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:deb/debian/undertow@2.0.30-1?distro=sid
purl pkg:deb/debian/undertow@2.0.30-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.30-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9y4-yce4-zqbk
35
url VCID-rqvc-k1jm-9kg9
vulnerability_id VCID-rqvc-k1jm-9kg9
summary 
Information Exposure
An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
5
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
6
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
7
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72268
published_at 2026-04-24T12:55:00Z
1
value 0.00708
scoring_system epss
scoring_elements 0.72194
published_at 2026-04-09T12:55:00Z
2
value 0.00708
scoring_system epss
scoring_elements 0.72216
published_at 2026-04-11T12:55:00Z
3
value 0.00708
scoring_system epss
scoring_elements 0.722
published_at 2026-04-12T12:55:00Z
4
value 0.00708
scoring_system epss
scoring_elements 0.72186
published_at 2026-04-13T12:55:00Z
5
value 0.00708
scoring_system epss
scoring_elements 0.72229
published_at 2026-04-16T12:55:00Z
6
value 0.00708
scoring_system epss
scoring_elements 0.72238
published_at 2026-04-18T12:55:00Z
7
value 0.00708
scoring_system epss
scoring_elements 0.72224
published_at 2026-04-21T12:55:00Z
8
value 0.00708
scoring_system epss
scoring_elements 0.72167
published_at 2026-04-04T12:55:00Z
9
value 0.00708
scoring_system epss
scoring_elements 0.72145
published_at 2026-04-07T12:55:00Z
10
value 0.00708
scoring_system epss
scoring_elements 0.72182
published_at 2026-04-08T12:55:00Z
11
value 0.00746
scoring_system epss
scoring_elements 0.73006
published_at 2026-04-01T12:55:00Z
12
value 0.00746
scoring_system epss
scoring_elements 0.73015
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
reference_id 1628702
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id 911796
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
reference_id CVE-2018-14642
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
14
reference_url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
reference_id GHSA-vf6r-mmhc-3xcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqvc-k1jm-9kg9
36
url VCID-scjb-1mwk-rfdd
vulnerability_id VCID-scjb-1mwk-rfdd
summary 
Potential to access user credentials from the log files when debug logging enabled
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
1
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
reference_id
reference_type
scores
0
value 0.00445
scoring_system epss
scoring_elements 0.63441
published_at 2026-04-08T12:55:00Z
1
value 0.00445
scoring_system epss
scoring_elements 0.6339
published_at 2026-04-07T12:55:00Z
2
value 0.00445
scoring_system epss
scoring_elements 0.63337
published_at 2026-04-01T12:55:00Z
3
value 0.00445
scoring_system epss
scoring_elements 0.63397
published_at 2026-04-02T12:55:00Z
4
value 0.00445
scoring_system epss
scoring_elements 0.63424
published_at 2026-04-04T12:55:00Z
5
value 0.00445
scoring_system epss
scoring_elements 0.63425
published_at 2026-04-13T12:55:00Z
6
value 0.00445
scoring_system epss
scoring_elements 0.6346
published_at 2026-04-12T12:55:00Z
7
value 0.00445
scoring_system epss
scoring_elements 0.63476
published_at 2026-04-11T12:55:00Z
8
value 0.00445
scoring_system epss
scoring_elements 0.63459
published_at 2026-04-09T12:55:00Z
9
value 0.00448
scoring_system epss
scoring_elements 0.63586
published_at 2026-04-24T12:55:00Z
10
value 0.00448
scoring_system epss
scoring_elements 0.63576
published_at 2026-04-16T12:55:00Z
11
value 0.00448
scoring_system epss
scoring_elements 0.63584
published_at 2026-04-18T12:55:00Z
12
value 0.00448
scoring_system epss
scoring_elements 0.63567
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0017
7
reference_url https://security.netapp.com/advisory/ntap-20220210-0017/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0017/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1731984
reference_id 1731984
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1731984
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_data_grid:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
25
reference_url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
reference_id GHSA-8vh8-vc28-m2hf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
fixed_packages
0
url pkg:deb/debian/undertow@2.0.27-1?distro=sid
purl pkg:deb/debian/undertow@2.0.27-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.27-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scjb-1mwk-rfdd
37
url VCID-sxup-wzjc-tue1
vulnerability_id VCID-sxup-wzjc-tue1
summary 
Improper Input Validation in Undertow
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64358
published_at 2026-04-24T12:55:00Z
1
value 0.00463
scoring_system epss
scoring_elements 0.64331
published_at 2026-04-12T12:55:00Z
2
value 0.00463
scoring_system epss
scoring_elements 0.64302
published_at 2026-04-13T12:55:00Z
3
value 0.00463
scoring_system epss
scoring_elements 0.64337
published_at 2026-04-16T12:55:00Z
4
value 0.00463
scoring_system epss
scoring_elements 0.64347
published_at 2026-04-18T12:55:00Z
5
value 0.00463
scoring_system epss
scoring_elements 0.64338
published_at 2026-04-21T12:55:00Z
6
value 0.00463
scoring_system epss
scoring_elements 0.64223
published_at 2026-04-01T12:55:00Z
7
value 0.00463
scoring_system epss
scoring_elements 0.64281
published_at 2026-04-02T12:55:00Z
8
value 0.00463
scoring_system epss
scoring_elements 0.6431
published_at 2026-04-04T12:55:00Z
9
value 0.00463
scoring_system epss
scoring_elements 0.64266
published_at 2026-04-07T12:55:00Z
10
value 0.00463
scoring_system epss
scoring_elements 0.64315
published_at 2026-04-08T12:55:00Z
11
value 0.00463
scoring_system epss
scoring_elements 0.64329
published_at 2026-04-09T12:55:00Z
12
value 0.00463
scoring_system epss
scoring_elements 0.64342
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1752770
reference_id 1752770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1752770
5
reference_url https://github.com/advisories/GHSA-2w73-fqqj-c92p
reference_id GHSA-2w73-fqqj-c92p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w73-fqqj-c92p
6
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
7
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
8
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
9
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
10
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
11
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
12
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
13
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
14
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
15
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
16
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
17
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
18
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:deb/debian/undertow@2.1.0-1?distro=sid
purl pkg:deb/debian/undertow@2.1.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.1.0-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2020-1757, GHSA-2w73-fqqj-c92p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxup-wzjc-tue1
38
url VCID-urxh-sp91-kuet
vulnerability_id VCID-urxh-sp91-kuet
summary 
Allocation of Resources Without Limits or Throttling in Undertow
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53264
published_at 2026-04-24T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.5325
published_at 2026-04-09T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53301
published_at 2026-04-11T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53286
published_at 2026-04-12T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.53269
published_at 2026-04-13T12:55:00Z
5
value 0.00299
scoring_system epss
scoring_elements 0.53307
published_at 2026-04-16T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53312
published_at 2026-04-18T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.53292
published_at 2026-04-21T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53186
published_at 2026-04-01T12:55:00Z
9
value 0.00299
scoring_system epss
scoring_elements 0.53209
published_at 2026-04-02T12:55:00Z
10
value 0.00299
scoring_system epss
scoring_elements 0.53234
published_at 2026-04-04T12:55:00Z
11
value 0.00299
scoring_system epss
scoring_elements 0.53202
published_at 2026-04-07T12:55:00Z
12
value 0.00299
scoring_system epss
scoring_elements 0.53254
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0014/
6
reference_url https://github.com/advisories/GHSA-g4cp-h53p-v3v8
reference_id GHSA-g4cp-h53p-v3v8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4cp-h53p-v3v8
7
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
8
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
9
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
10
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
11
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
12
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
13
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
14
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
15
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
16
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
17
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
fixed_packages
0
url pkg:deb/debian/undertow@2.1.1-1?distro=sid
purl pkg:deb/debian/undertow@2.1.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.1.1-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2020-10705, GHSA-g4cp-h53p-v3v8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urxh-sp91-kuet
39
url VCID-usz2-tufg-k7gz
vulnerability_id VCID-usz2-tufg-k7gz
summary 
Undertow denial of service vulnerability
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:1184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1184
1
reference_url https://access.redhat.com/errata/RHSA-2023:1185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1185
2
reference_url https://access.redhat.com/errata/RHSA-2023:1512
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1512
3
reference_url https://access.redhat.com/errata/RHSA-2023:1513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1513
4
reference_url https://access.redhat.com/errata/RHSA-2023:1514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1514
5
reference_url https://access.redhat.com/errata/RHSA-2023:1516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1516
6
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:2135
7
reference_url https://access.redhat.com/errata/RHSA-2023:3883
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3883
8
reference_url https://access.redhat.com/errata/RHSA-2023:3884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3884
9
reference_url https://access.redhat.com/errata/RHSA-2023:3885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3885
10
reference_url https://access.redhat.com/errata/RHSA-2023:3888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3888
11
reference_url https://access.redhat.com/errata/RHSA-2023:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3892
12
reference_url https://access.redhat.com/errata/RHSA-2023:3954
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3954
13
reference_url https://access.redhat.com/errata/RHSA-2023:4612
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:4612
14
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json
15
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1108
reference_id
reference_type
scores
0
value 0.00567
scoring_system epss
scoring_elements 0.68582
published_at 2026-04-24T12:55:00Z
1
value 0.00567
scoring_system epss
scoring_elements 0.68457
published_at 2026-04-02T12:55:00Z
2
value 0.00567
scoring_system epss
scoring_elements 0.68476
published_at 2026-04-04T12:55:00Z
3
value 0.00567
scoring_system epss
scoring_elements 0.68452
published_at 2026-04-07T12:55:00Z
4
value 0.00567
scoring_system epss
scoring_elements 0.68503
published_at 2026-04-08T12:55:00Z
5
value 0.00567
scoring_system epss
scoring_elements 0.6852
published_at 2026-04-09T12:55:00Z
6
value 0.00567
scoring_system epss
scoring_elements 0.68546
published_at 2026-04-11T12:55:00Z
7
value 0.00567
scoring_system epss
scoring_elements 0.68534
published_at 2026-04-12T12:55:00Z
8
value 0.00567
scoring_system epss
scoring_elements 0.68502
published_at 2026-04-13T12:55:00Z
9
value 0.00567
scoring_system epss
scoring_elements 0.68542
published_at 2026-04-16T12:55:00Z
10
value 0.00567
scoring_system epss
scoring_elements 0.68555
published_at 2026-04-18T12:55:00Z
11
value 0.00567
scoring_system epss
scoring_elements 0.68533
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1108
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2174246
17
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
18
reference_url https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
19
reference_url https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
20
reference_url https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
21
reference_url https://github.com/undertow-io/undertow/pull/1457
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457
22
reference_url https://security.netapp.com/advisory/ntap-20231020-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231020-0002
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
reference_id 1033253
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id cpe:/a:redhat:openstack:13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
45
reference_url https://access.redhat.com/security/cve/CVE-2023-1108
reference_id CVE-2023-1108
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/security/cve/CVE-2023-1108
46
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1108
reference_id CVE-2023-1108
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1108
47
reference_url https://github.com/advisories/GHSA-m4mm-pg93-fv78
reference_id GHSA-m4mm-pg93-fv78
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://github.com/advisories/GHSA-m4mm-pg93-fv78
48
reference_url https://security.netapp.com/advisory/ntap-20231020-0002/
reference_id ntap-20231020-0002
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://security.netapp.com/advisory/ntap-20231020-0002/
fixed_packages
0
url pkg:deb/debian/undertow@2.3.8-2?distro=sid
purl pkg:deb/debian/undertow@2.3.8-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.8-2%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2023-1108, GHSA-m4mm-pg93-fv78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-usz2-tufg-k7gz
40
url VCID-xftw-raz7-b7e1
vulnerability_id VCID-xftw-raz7-b7e1
summary 
Undertow vulnerable to Dos via Large AJP request
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2053
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53736
published_at 2026-04-24T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53682
published_at 2026-04-02T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53709
published_at 2026-04-04T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53681
published_at 2026-04-07T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.53733
published_at 2026-04-08T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.53731
published_at 2026-04-09T12:55:00Z
6
value 0.00305
scoring_system epss
scoring_elements 0.5378
published_at 2026-04-11T12:55:00Z
7
value 0.00305
scoring_system epss
scoring_elements 0.53763
published_at 2026-04-12T12:55:00Z
8
value 0.00305
scoring_system epss
scoring_elements 0.53747
published_at 2026-04-13T12:55:00Z
9
value 0.00305
scoring_system epss
scoring_elements 0.53784
published_at 2026-04-16T12:55:00Z
10
value 0.00305
scoring_system epss
scoring_elements 0.53788
published_at 2026-04-18T12:55:00Z
11
value 0.00305
scoring_system epss
scoring_elements 0.53771
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2053
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/pull/1350
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1350
5
reference_url https://issues.redhat.com/browse/UNDERTOW-2133
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2133
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2053
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2053
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2095862
reference_id 2095862
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2095862
8
reference_url https://github.com/advisories/GHSA-95rf-557x-44g5
reference_id GHSA-95rf-557x-44g5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-95rf-557x-44g5
9
reference_url https://access.redhat.com/errata/RHSA-2022:6821
reference_id RHSA-2022:6821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6821
10
reference_url https://access.redhat.com/errata/RHSA-2022:6822
reference_id RHSA-2022:6822
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6822
11
reference_url https://access.redhat.com/errata/RHSA-2022:6823
reference_id RHSA-2022:6823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6823
12
reference_url https://access.redhat.com/errata/RHSA-2022:6825
reference_id RHSA-2022:6825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6825
13
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
fixed_packages
0
url pkg:deb/debian/undertow@2.2.18-1?distro=sid
purl pkg:deb/debian/undertow@2.2.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2022-2053, GHSA-95rf-557x-44g5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xftw-raz7-b7e1
41
url VCID-xme8-usmd-vqg3
vulnerability_id VCID-xme8-usmd-vqg3
summary 
Undertow vulnerable to Race Condition
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:11023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:11023
1
reference_url https://access.redhat.com/errata/RHSA-2024:6508
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:6508
2
reference_url https://access.redhat.com/errata/RHSA-2024:6883
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:6883
3
reference_url https://access.redhat.com/errata/RHSA-2024:7441
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7441
4
reference_url https://access.redhat.com/errata/RHSA-2024:7442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7442
5
reference_url https://access.redhat.com/errata/RHSA-2024:7735
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7735
6
reference_url https://access.redhat.com/errata/RHSA-2024:7736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7736
7
reference_url https://access.redhat.com/errata/RHSA-2024:8080
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:8080
8
reference_url https://access.redhat.com/errata/RHSA-2025:16667
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2025:16667
9
reference_url https://access.redhat.com/errata/RHSA-2026:0743
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2026:0743
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
11
reference_url https://access.redhat.com/security/cve/CVE-2024-7885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/security/cve/CVE-2024-7885
12
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7885
reference_id
reference_type
scores
0
value 0.10699
scoring_system epss
scoring_elements 0.93355
published_at 2026-04-24T12:55:00Z
1
value 0.10699
scoring_system epss
scoring_elements 0.93299
published_at 2026-04-02T12:55:00Z
2
value 0.10699
scoring_system epss
scoring_elements 0.93305
published_at 2026-04-04T12:55:00Z
3
value 0.10699
scoring_system epss
scoring_elements 0.93304
published_at 2026-04-07T12:55:00Z
4
value 0.10699
scoring_system epss
scoring_elements 0.93312
published_at 2026-04-08T12:55:00Z
5
value 0.10699
scoring_system epss
scoring_elements 0.93317
published_at 2026-04-09T12:55:00Z
6
value 0.10699
scoring_system epss
scoring_elements 0.93321
published_at 2026-04-11T12:55:00Z
7
value 0.10699
scoring_system epss
scoring_elements 0.93319
published_at 2026-04-12T12:55:00Z
8
value 0.10699
scoring_system epss
scoring_elements 0.9332
published_at 2026-04-13T12:55:00Z
9
value 0.10699
scoring_system epss
scoring_elements 0.93339
published_at 2026-04-16T12:55:00Z
10
value 0.10699
scoring_system epss
scoring_elements 0.93343
published_at 2026-04-18T12:55:00Z
11
value 0.10699
scoring_system epss
scoring_elements 0.9335
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7885
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2305290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2305290
14
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
15
reference_url https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
16
reference_url https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
17
reference_url https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7885
19
reference_url https://security.netapp.com/advisory/ntap-20241011-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0004
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
reference_id 1082854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_id cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
reference_id cpe:/a:redhat:quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_id cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
43
reference_url https://github.com/advisories/GHSA-9623-mqmm-5rcf
reference_id GHSA-9623-mqmm-5rcf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9623-mqmm-5rcf
fixed_packages
0
url pkg:deb/debian/undertow@2.3.18-1?distro=sid
purl pkg:deb/debian/undertow@2.3.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2024-7885, GHSA-9623-mqmm-5rcf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xme8-usmd-vqg3
42
url VCID-y5s2-w88t-8uhx
vulnerability_id VCID-y5s2-w88t-8uhx
summary 
Uncontrolled Resource Consumption
Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7046.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7046.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7046
reference_id
reference_type
scores
0
value 0.0406
scoring_system epss
scoring_elements 0.88552
published_at 2026-04-24T12:55:00Z
1
value 0.0406
scoring_system epss
scoring_elements 0.88473
published_at 2026-04-01T12:55:00Z
2
value 0.0406
scoring_system epss
scoring_elements 0.88481
published_at 2026-04-02T12:55:00Z
3
value 0.0406
scoring_system epss
scoring_elements 0.88498
published_at 2026-04-04T12:55:00Z
4
value 0.0406
scoring_system epss
scoring_elements 0.88501
published_at 2026-04-07T12:55:00Z
5
value 0.0406
scoring_system epss
scoring_elements 0.88519
published_at 2026-04-08T12:55:00Z
6
value 0.0406
scoring_system epss
scoring_elements 0.88524
published_at 2026-04-09T12:55:00Z
7
value 0.0406
scoring_system epss
scoring_elements 0.88536
published_at 2026-04-11T12:55:00Z
8
value 0.0406
scoring_system epss
scoring_elements 0.88528
published_at 2026-04-13T12:55:00Z
9
value 0.0406
scoring_system epss
scoring_elements 0.88542
published_at 2026-04-16T12:55:00Z
10
value 0.0406
scoring_system epss
scoring_elements 0.88538
published_at 2026-04-18T12:55:00Z
11
value 0.0406
scoring_system epss
scoring_elements 0.88535
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7046
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1376646
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1376646
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
5
reference_url https://issues.redhat.com/browse/UNDERTOW-835
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-835
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7046
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7046
7
reference_url https://security-tracker.debian.org/tracker/CVE-2016-7046
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2016-7046
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600
reference_id 838600
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600
9
reference_url https://access.redhat.com/security/cve/CVE-2016-7046
reference_id CVE-2016-7046
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2016-7046
10
reference_url https://github.com/advisories/GHSA-3f57-w2rp-72fc
reference_id GHSA-3f57-w2rp-72fc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f57-w2rp-72fc
11
reference_url https://access.redhat.com/errata/RHSA-2016:2640
reference_id RHSA-2016:2640
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2640
12
reference_url https://access.redhat.com/errata/RHSA-2016:2641
reference_id RHSA-2016:2641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2641
13
reference_url https://access.redhat.com/errata/RHSA-2016:2642
reference_id RHSA-2016:2642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2642
14
reference_url https://access.redhat.com/errata/RHSA-2016:2657
reference_id RHSA-2016:2657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2657
fixed_packages
0
url pkg:deb/debian/undertow@1.4.3-1?distro=sid
purl pkg:deb/debian/undertow@1.4.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.3-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2016-7046, GHSA-3f57-w2rp-72fc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5s2-w88t-8uhx
43
url VCID-ygp7-kj2w-syat
vulnerability_id VCID-ygp7-kj2w-syat
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.78063
published_at 2026-04-24T12:55:00Z
1
value 0.01096
scoring_system epss
scoring_elements 0.77946
published_at 2026-04-01T12:55:00Z
2
value 0.01096
scoring_system epss
scoring_elements 0.77953
published_at 2026-04-02T12:55:00Z
3
value 0.01096
scoring_system epss
scoring_elements 0.77982
published_at 2026-04-04T12:55:00Z
4
value 0.01096
scoring_system epss
scoring_elements 0.77963
published_at 2026-04-07T12:55:00Z
5
value 0.01096
scoring_system epss
scoring_elements 0.7799
published_at 2026-04-08T12:55:00Z
6
value 0.01096
scoring_system epss
scoring_elements 0.77995
published_at 2026-04-09T12:55:00Z
7
value 0.01096
scoring_system epss
scoring_elements 0.78022
published_at 2026-04-11T12:55:00Z
8
value 0.01096
scoring_system epss
scoring_elements 0.78005
published_at 2026-04-12T12:55:00Z
9
value 0.01096
scoring_system epss
scoring_elements 0.78003
published_at 2026-04-13T12:55:00Z
10
value 0.01096
scoring_system epss
scoring_elements 0.78038
published_at 2026-04-16T12:55:00Z
11
value 0.01096
scoring_system epss
scoring_elements 0.78037
published_at 2026-04-18T12:55:00Z
12
value 0.01096
scoring_system epss
scoring_elements 0.7803
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
5
reference_url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
6
reference_url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
7
reference_url https://issues.redhat.com/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1251
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1490301
reference_id 1490301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1490301
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
reference_id 885338
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
reference_id CVE-2017-12165
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
11
reference_url https://github.com/advisories/GHSA-5gg7-5wv8-4gcj
reference_id GHSA-5gg7-5wv8-4gcj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gg7-5wv8-4gcj
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-12165, GHSA-5gg7-5wv8-4gcj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygp7-kj2w-syat
44
url VCID-yn69-8upm-7yc2
vulnerability_id VCID-yn69-8upm-7yc2
summary 
Undertow Uncontrolled Resource Consumption
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3629
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52701
published_at 2026-04-21T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52641
published_at 2026-04-04T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52607
published_at 2026-04-07T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52658
published_at 2026-04-08T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52653
published_at 2026-04-24T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52704
published_at 2026-04-11T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52687
published_at 2026-04-12T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52671
published_at 2026-04-13T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.5271
published_at 2026-04-16T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52717
published_at 2026-04-18T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52571
published_at 2026-04-01T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52615
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3629
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977362
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1977362
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3629
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3629
5
reference_url https://security.netapp.com/advisory/ntap-20220729-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220729-0008
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id 1016448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
7
reference_url https://github.com/advisories/GHSA-rf6q-vx79-mjxr
reference_id GHSA-rf6q-vx79-mjxr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rf6q-vx79-mjxr
8
reference_url https://access.redhat.com/errata/RHSA-2021:4676
reference_id RHSA-2021:4676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4676
9
reference_url https://access.redhat.com/errata/RHSA-2021:4677
reference_id RHSA-2021:4677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4677
10
reference_url https://access.redhat.com/errata/RHSA-2021:4679
reference_id RHSA-2021:4679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4679
11
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
12
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
13
reference_url https://access.redhat.com/errata/RHSA-2021:5149
reference_id RHSA-2021:5149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5149
14
reference_url https://access.redhat.com/errata/RHSA-2021:5150
reference_id RHSA-2021:5150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5150
15
reference_url https://access.redhat.com/errata/RHSA-2021:5151
reference_id RHSA-2021:5151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5151
16
reference_url https://access.redhat.com/errata/RHSA-2021:5154
reference_id RHSA-2021:5154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5154
17
reference_url https://access.redhat.com/errata/RHSA-2021:5170
reference_id RHSA-2021:5170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5170
18
reference_url https://access.redhat.com/errata/RHSA-2022:0146
reference_id RHSA-2022:0146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0146
19
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
20
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
21
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
fixed_packages
0
url pkg:deb/debian/undertow@2.2.12-1?distro=sid
purl pkg:deb/debian/undertow@2.2.12-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.12-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2021-3629, GHSA-rf6q-vx79-mjxr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn69-8upm-7yc2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid