Package Instance

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json

reference_url

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10212

reference_id

reference_type

scores

value	0.00448
scoring_system	epss
scoring_elements	0.63909
published_at	2026-06-05T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63867
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10212

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

reference_url

https://security.netapp.com/advisory/ntap-20220210-0017

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0017

reference_url	https://security.netapp.com/advisory/ntap-20220210-0017/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220210-0017/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1731984
reference_id	1731984
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1731984

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10212

reference_id

CVE-2019-10212

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10212

reference_url

https://github.com/advisories/GHSA-8vh8-vc28-m2hf

reference_id

GHSA-8vh8-vc28-m2hf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8vh8-vc28-m2hf

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.20.Final

purl pkg:maven/io.undertow/undertow-core@2.0.20.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final

url	pkg:maven/io.undertow/undertow-core@2.0.20
purl	pkg:maven/io.undertow/undertow-core@2.0.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20

aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gjh-hhzw-jyda

url VCID-4qfb-8hen-qkc7

vulnerability_id VCID-4qfb-8hen-qkc7

summary

Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

references

reference_url

https://access.redhat.com/errata/RHSA-2020:0729

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0729

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14888

reference_id

reference_type

scores

value	0.00242
scoring_system	epss
scoring_elements	0.47682
published_at	2026-06-05T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47618
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14888

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888

reference_url

https://security.netapp.com/advisory/ntap-20220211-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220211-0001

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1772464
reference_id	1772464
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1772464

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14888

reference_id

CVE-2019-14888

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14888

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2367
reference_id	RHSA-2020:2367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2367

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.29.Final

purl pkg:maven/io.undertow/undertow-core@2.0.29.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final

aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfb-8hen-qkc7

url VCID-52hy-69kb-byee

vulnerability_id VCID-52hy-69kb-byee

summary

Undertow Denial of Service vulnerability
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1973

reference_id

reference_type

scores

value	0.00727
scoring_system	epss
scoring_elements	0.73029
published_at	2026-06-05T12:55:00Z

value	0.00727
scoring_system	epss
scoring_elements	0.72991
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1973

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2185662

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2185662

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258

reference_url

https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
reference_id	1068815
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9

reference_url

https://access.redhat.com/security/cve/CVE-2023-1973

reference_id

CVE-2023-1973

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/

url

https://access.redhat.com/security/cve/CVE-2023-1973

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-1973

reference_id

CVE-2023-1973

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-1973

reference_url	https://github.com/advisories/GHSA-97cq-f4jm-mv8h
reference_id	GHSA-97cq-f4jm-mv8h
reference_type
scores
url	https://github.com/advisories/GHSA-97cq-f4jm-mv8h

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.32.Final

purl pkg:maven/io.undertow/undertow-core@2.2.32.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.32.Final

url pkg:maven/io.undertow/undertow-core@2.3.13.Final

purl pkg:maven/io.undertow/undertow-core@2.3.13.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.13.Final

aliases CVE-2023-1973, GHSA-97cq-f4jm-mv8h

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52hy-69kb-byee

url VCID-63qx-1wuv-qufb

vulnerability_id VCID-63qx-1wuv-qufb

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10719

reference_id

reference_type

scores

value	0.00167
scoring_system	epss
scoring_elements	0.37592
published_at	2026-06-05T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37499
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10719

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

reference_url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1828459
reference_id	1828459
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1828459

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
reference_id	969913
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10719

reference_id

CVE-2020-10719

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10719

reference_url	https://access.redhat.com/errata/RHSA-2020:2058
reference_id	RHSA-2020:2058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2058

reference_url	https://access.redhat.com/errata/RHSA-2020:2059
reference_id	RHSA-2020:2059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2059

reference_url	https://access.redhat.com/errata/RHSA-2020:2060
reference_id	RHSA-2020:2060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2060

reference_url	https://access.redhat.com/errata/RHSA-2020:2061
reference_id	RHSA-2020:2061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2061

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3585
reference_id	RHSA-2020:3585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3585

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.1.1.Final

purl pkg:maven/io.undertow/undertow-core@2.1.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final

aliases CVE-2020-10719, GHSA-cccf-7xw3-p2vr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63qx-1wuv-qufb

url VCID-641y-uckh-gfen

vulnerability_id VCID-641y-uckh-gfen

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20220

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39691
published_at	2026-06-05T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39604
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20220

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1923133

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1923133

reference_url

https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f

reference_url

https://security.netapp.com/advisory/ntap-20220210-0013

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0013

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20220

reference_id

CVE-2021-20220

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20220

reference_url	https://access.redhat.com/errata/RHSA-2021:0872
reference_id	RHSA-2021:0872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0872

reference_url	https://access.redhat.com/errata/RHSA-2021:0873
reference_id	RHSA-2021:0873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0873

reference_url	https://access.redhat.com/errata/RHSA-2021:0874
reference_id	RHSA-2021:0874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0874

reference_url	https://access.redhat.com/errata/RHSA-2021:0885
reference_id	RHSA-2021:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0885

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

reference_url	https://access.redhat.com/errata/RHSA-2021:2210
reference_id	RHSA-2021:2210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2210

reference_url	https://access.redhat.com/errata/RHSA-2021:2755
reference_id	RHSA-2021:2755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2755

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.34.Final

purl pkg:maven/io.undertow/undertow-core@2.0.34.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final

url	pkg:maven/io.undertow/undertow-core@2.0.34
purl	pkg:maven/io.undertow/undertow-core@2.0.34
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34

url pkg:maven/io.undertow/undertow-core@2.1.6.Final

purl pkg:maven/io.undertow/undertow-core@2.1.6.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final

url	pkg:maven/io.undertow/undertow-core@2.1.6
purl	pkg:maven/io.undertow/undertow-core@2.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6

aliases CVE-2021-20220, GHSA-qjwc-v72v-fq6r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-641y-uckh-gfen

url VCID-6wpa-h8xy-kfh2

vulnerability_id VCID-6wpa-h8xy-kfh2

summary A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json

reference_url

https://access.redhat.com/security/cve/CVE-2021-3690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3690

reference_url

https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3690

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.51472
published_at	2026-06-05T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51411
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3690

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877

reference_url

https://issues.redhat.com/browse/UNDERTOW-1935

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-1935

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3690

reference_url

https://www.mend.io/vulnerability-database/CVE-2021-3690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mend.io/vulnerability-database/CVE-2021-3690

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1991299

reference_id

1991299

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1991299

reference_url

https://github.com/advisories/GHSA-fj7c-vg2v-ccrm

reference_id

GHSA-fj7c-vg2v-ccrm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fj7c-vg2v-ccrm

reference_url	https://access.redhat.com/errata/RHSA-2021:3216
reference_id	RHSA-2021:3216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3216

reference_url	https://access.redhat.com/errata/RHSA-2021:3217
reference_id	RHSA-2021:3217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3217

reference_url	https://access.redhat.com/errata/RHSA-2021:3218
reference_id	RHSA-2021:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3218

reference_url	https://access.redhat.com/errata/RHSA-2021:3219
reference_id	RHSA-2021:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3219

reference_url	https://access.redhat.com/errata/RHSA-2021:3425
reference_id	RHSA-2021:3425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3425

reference_url	https://access.redhat.com/errata/RHSA-2021:3466
reference_id	RHSA-2021:3466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3466

reference_url	https://access.redhat.com/errata/RHSA-2021:3467
reference_id	RHSA-2021:3467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3467

reference_url	https://access.redhat.com/errata/RHSA-2021:3468
reference_id	RHSA-2021:3468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3468

reference_url	https://access.redhat.com/errata/RHSA-2021:3471
reference_id	RHSA-2021:3471
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3471

reference_url	https://access.redhat.com/errata/RHSA-2021:3516
reference_id	RHSA-2021:3516
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3516

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

reference_url	https://access.redhat.com/errata/RHSA-2021:3656
reference_id	RHSA-2021:3656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3656

reference_url	https://access.redhat.com/errata/RHSA-2021:3658
reference_id	RHSA-2021:3658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3658

reference_url	https://access.redhat.com/errata/RHSA-2021:3660
reference_id	RHSA-2021:3660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3660

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://access.redhat.com/errata/RHSA-2022:1029
reference_id	RHSA-2022:1029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1029

fixed_packages

url	pkg:maven/io.undertow/undertow-core@2.0.40
purl	pkg:maven/io.undertow/undertow-core@2.0.40
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40

url pkg:maven/io.undertow/undertow-core@2.0.40.Final

purl pkg:maven/io.undertow/undertow-core@2.0.40.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final

url	pkg:maven/io.undertow/undertow-core@2.2.10
purl	pkg:maven/io.undertow/undertow-core@2.2.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10

url pkg:maven/io.undertow/undertow-core@2.2.10.Final

purl pkg:maven/io.undertow/undertow-core@2.2.10.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10.Final

aliases CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wpa-h8xy-kfh2

url VCID-9cnw-cm28-nfeu

vulnerability_id VCID-9cnw-cm28-nfeu

summary A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3597

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37939
published_at	2026-06-05T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37848
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3597

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3597

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3597

reference_url

https://security.netapp.com/advisory/ntap-20220804-0003

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220804-0003

reference_url	https://security.netapp.com/advisory/ntap-20220804-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220804-0003/

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1970930

reference_id

1970930

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1970930

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
reference_id	989861
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861

reference_url

https://github.com/advisories/GHSA-mfhv-gwf8-4m88

reference_id

GHSA-mfhv-gwf8-4m88

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mfhv-gwf8-4m88

reference_url	https://access.redhat.com/errata/RHSA-2021:3466
reference_id	RHSA-2021:3466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3466

reference_url	https://access.redhat.com/errata/RHSA-2021:3467
reference_id	RHSA-2021:3467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3467

reference_url	https://access.redhat.com/errata/RHSA-2021:3468
reference_id	RHSA-2021:3468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3468

reference_url	https://access.redhat.com/errata/RHSA-2021:3471
reference_id	RHSA-2021:3471
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3471

reference_url	https://access.redhat.com/errata/RHSA-2021:3516
reference_id	RHSA-2021:3516
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3516

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

reference_url	https://access.redhat.com/errata/RHSA-2021:3656
reference_id	RHSA-2021:3656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3656

reference_url	https://access.redhat.com/errata/RHSA-2021:3658
reference_id	RHSA-2021:3658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3658

reference_url	https://access.redhat.com/errata/RHSA-2021:3660
reference_id	RHSA-2021:3660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3660

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.39.Final

purl pkg:maven/io.undertow/undertow-core@2.0.39.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.39.Final

url pkg:maven/io.undertow/undertow-core@2.2.9.Final

purl pkg:maven/io.undertow/undertow-core@2.2.9.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.9.Final

aliases CVE-2021-3597, GHSA-mfhv-gwf8-4m88

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cnw-cm28-nfeu

url VCID-ast2-qxn7-m3ar

vulnerability_id VCID-ast2-qxn7-m3ar

summary A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json

reference_url

https://access.redhat.com/security/cve/cve-2021-3859

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-3859

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3859

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.55213
published_at	2026-06-05T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.55155
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3859

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8

reference_url

https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2

reference_url

https://github.com/undertow-io/undertow/pull/1296

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/pull/1296

reference_url

https://issues.redhat.com/browse/UNDERTOW-1979

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-1979

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3859

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3859

reference_url

https://security.netapp.com/advisory/ntap-20221201-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221201-0004

reference_url	https://security.netapp.com/advisory/ntap-20221201-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221201-0004/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983
reference_id	1015983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2010378

reference_id

2010378

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2010378

reference_url	https://access.redhat.com/security/cve/CVE-2021-3859
reference_id	CVE-2021-3859
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2021-3859

reference_url

https://github.com/advisories/GHSA-339q-62wm-c39w

reference_id

GHSA-339q-62wm-c39w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-339q-62wm-c39w

reference_url	https://access.redhat.com/errata/RHSA-2022:0400
reference_id	RHSA-2022:0400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0400

reference_url	https://access.redhat.com/errata/RHSA-2022:0401
reference_id	RHSA-2022:0401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0401

reference_url	https://access.redhat.com/errata/RHSA-2022:0404
reference_id	RHSA-2022:0404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0404

reference_url	https://access.redhat.com/errata/RHSA-2022:0405
reference_id	RHSA-2022:0405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0405

reference_url	https://access.redhat.com/errata/RHSA-2022:0406
reference_id	RHSA-2022:0406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0406

reference_url	https://access.redhat.com/errata/RHSA-2022:0407
reference_id	RHSA-2022:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0407

reference_url	https://access.redhat.com/errata/RHSA-2022:0408
reference_id	RHSA-2022:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0408

reference_url	https://access.redhat.com/errata/RHSA-2022:0409
reference_id	RHSA-2022:0409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0409

reference_url	https://access.redhat.com/errata/RHSA-2022:0410
reference_id	RHSA-2022:0410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0410

reference_url	https://access.redhat.com/errata/RHSA-2022:0415
reference_id	RHSA-2022:0415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0415

reference_url	https://access.redhat.com/errata/RHSA-2022:0447
reference_id	RHSA-2022:0447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0447

reference_url	https://access.redhat.com/errata/RHSA-2022:0448
reference_id	RHSA-2022:0448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0448

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.15.Final

purl pkg:maven/io.undertow/undertow-core@2.2.15.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.15.Final

url	pkg:maven/io.undertow/undertow-core@2.2.15
purl	pkg:maven/io.undertow/undertow-core@2.2.15
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.15

aliases CVE-2021-3859, GHSA-339q-62wm-c39w, GMS-2022-2963

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ast2-qxn7-m3ar

url VCID-dm2g-eaak-cya7

vulnerability_id VCID-dm2g-eaak-cya7

summary A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3629

reference_id

reference_type

scores

value	0.00293
scoring_system	epss
scoring_elements	0.52988
published_at	2026-06-05T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52927
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3629

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3629

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3629

reference_url

https://security.netapp.com/advisory/ntap-20220729-0008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220729-0008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id	1016448
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1977362

reference_id

1977362

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1977362

reference_url

https://github.com/advisories/GHSA-rf6q-vx79-mjxr

reference_id

GHSA-rf6q-vx79-mjxr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rf6q-vx79-mjxr

reference_url	https://access.redhat.com/errata/RHSA-2021:4676
reference_id	RHSA-2021:4676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4676

reference_url	https://access.redhat.com/errata/RHSA-2021:4677
reference_id	RHSA-2021:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4677

reference_url	https://access.redhat.com/errata/RHSA-2021:4679
reference_id	RHSA-2021:4679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4679

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://access.redhat.com/errata/RHSA-2021:5149
reference_id	RHSA-2021:5149
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5149

reference_url	https://access.redhat.com/errata/RHSA-2021:5150
reference_id	RHSA-2021:5150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5150

reference_url	https://access.redhat.com/errata/RHSA-2021:5151
reference_id	RHSA-2021:5151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5151

reference_url	https://access.redhat.com/errata/RHSA-2021:5154
reference_id	RHSA-2021:5154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5154

reference_url	https://access.redhat.com/errata/RHSA-2021:5170
reference_id	RHSA-2021:5170
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5170

reference_url	https://access.redhat.com/errata/RHSA-2022:0146
reference_id	RHSA-2022:0146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0146

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.40.Final

purl pkg:maven/io.undertow/undertow-core@2.0.40.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final

url pkg:maven/io.undertow/undertow-core@2.2.11.Final

purl pkg:maven/io.undertow/undertow-core@2.2.11.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.11.Final

aliases CVE-2021-3629, GHSA-rf6q-vx79-mjxr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2g-eaak-cya7

url VCID-ewgw-1sk9-dqhe

vulnerability_id VCID-ewgw-1sk9-dqhe

summary

Undertow denial of service vulnerability
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:1184

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:1184

reference_url

https://access.redhat.com/errata/RHSA-2023:1185

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:1185

reference_url

https://access.redhat.com/errata/RHSA-2023:1512

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:1512

reference_url

https://access.redhat.com/errata/RHSA-2023:1513

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:1513

reference_url

https://access.redhat.com/errata/RHSA-2023:1514

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:1514

reference_url

https://access.redhat.com/errata/RHSA-2023:1516

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:1516

reference_url

https://access.redhat.com/errata/RHSA-2023:3883

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:3883

reference_url

https://access.redhat.com/errata/RHSA-2023:3884

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:3884

reference_url

https://access.redhat.com/errata/RHSA-2023:3885

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:3885

reference_url

https://access.redhat.com/errata/RHSA-2023:3888

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:3888

reference_url

https://access.redhat.com/errata/RHSA-2023:3892

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:3892

reference_url

https://access.redhat.com/errata/RHSA-2023:3954

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:3954

reference_url

https://access.redhat.com/errata/RHSA-2023:4612

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:4612

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1108

reference_id

reference_type

scores

value	0.00567
scoring_system	epss
scoring_elements	0.68917
published_at	2026-06-05T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68877
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1108

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2174246

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2174246

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78

reference_url

https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be

reference_url

https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d

reference_url

https://github.com/undertow-io/undertow/pull/1457

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/pull/1457

reference_url

https://security.netapp.com/advisory/ntap-20231020-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231020-0002

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
reference_id	1033253
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id	cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id	cpe:/a:redhat:integration:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id	cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id	cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id	cpe:/a:redhat:openstack:13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id	cpe:/a:redhat:quarkus:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id	cpe:/a:redhat:service_registry:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2

reference_url

https://access.redhat.com/security/cve/CVE-2023-1108

reference_id

CVE-2023-1108

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/security/cve/CVE-2023-1108

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-1108

reference_id

CVE-2023-1108

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-1108

reference_url

https://github.com/advisories/GHSA-m4mm-pg93-fv78

reference_id

GHSA-m4mm-pg93-fv78

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://github.com/advisories/GHSA-m4mm-pg93-fv78

reference_url

https://security.netapp.com/advisory/ntap-20231020-0002/

reference_id

ntap-20231020-0002

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://security.netapp.com/advisory/ntap-20231020-0002/

reference_url

https://access.redhat.com/errata/RHSA-2023:2135

reference_id

RHSA-2023:2135

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/

url

https://access.redhat.com/errata/RHSA-2023:2135

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.24.Final

purl pkg:maven/io.undertow/undertow-core@2.2.24.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final

url pkg:maven/io.undertow/undertow-core@2.3.5.Final

purl pkg:maven/io.undertow/undertow-core@2.3.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final

aliases CVE-2023-1108, GHSA-m4mm-pg93-fv78

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewgw-1sk9-dqhe

url VCID-fmhu-72zm-wucj

vulnerability_id VCID-fmhu-72zm-wucj

summary

Allocation of Resources Without Limits or Throttling
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

references

reference_url	https://access.redhat.com/errata/RHSA-2023:4509
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4509

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5379

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.36859
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5379

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2242099

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2242099

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055
reference_id	1059055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id	cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id	cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id	cpe:/a:redhat:quarkus:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url

https://access.redhat.com/security/cve/CVE-2023-5379

reference_id

CVE-2023-5379

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/

url

https://access.redhat.com/security/cve/CVE-2023-5379

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-5379
reference_id	CVE-2023-5379
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-5379

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.3.11.Final

purl pkg:maven/io.undertow/undertow-core@2.3.11.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.11.Final

aliases CVE-2023-5379

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmhu-72zm-wucj

url VCID-qbnn-jmjd-qqbx

vulnerability_id VCID-qbnn-jmjd-qqbx

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A flaw was discovered in all versions of Undertow before Undertow Final, where HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10687

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.30999
published_at	2026-06-05T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.30933
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10687

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1785049

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1785049

reference_url

https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20220210-0015

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0015

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10687

reference_id

CVE-2020-10687

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10687

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3461
reference_id	RHSA-2020:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3461

reference_url	https://access.redhat.com/errata/RHSA-2020:3462
reference_id	RHSA-2020:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3462

reference_url	https://access.redhat.com/errata/RHSA-2020:3463
reference_id	RHSA-2020:3463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3463

reference_url	https://access.redhat.com/errata/RHSA-2020:3464
reference_id	RHSA-2020:3464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3464

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2021:0872
reference_id	RHSA-2021:0872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0872

reference_url	https://access.redhat.com/errata/RHSA-2021:0873
reference_id	RHSA-2021:0873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0873

reference_url	https://access.redhat.com/errata/RHSA-2021:0874
reference_id	RHSA-2021:0874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0874

reference_url	https://access.redhat.com/errata/RHSA-2021:0885
reference_id	RHSA-2021:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0885

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.0.Final

purl pkg:maven/io.undertow/undertow-core@2.2.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final

aliases CVE-2020-10687, GHSA-p9w3-gwc2-cr49

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbnn-jmjd-qqbx

url VCID-r2k1-7y3z-77hh

vulnerability_id VCID-r2k1-7y3z-77hh

summary undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1259

reference_id

reference_type

scores

value	0.0044
scoring_system	epss
scoring_elements	0.6349
published_at	2026-06-04T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63533
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1259

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2072339
reference_id	2072339
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2072339

reference_url	https://access.redhat.com/security/cve/CVE-2022-1259
reference_id	CVE-2022-1259
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2022-1259

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1259
reference_id	CVE-2022-1259
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1259

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:6821
reference_id	RHSA-2022:6821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6821

reference_url	https://access.redhat.com/errata/RHSA-2022:6822
reference_id	RHSA-2022:6822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6822

reference_url	https://access.redhat.com/errata/RHSA-2022:6823
reference_id	RHSA-2022:6823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6823

reference_url	https://access.redhat.com/errata/RHSA-2022:6825
reference_id	RHSA-2022:6825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6825

reference_url	https://access.redhat.com/errata/RHSA-2022:8761
reference_id	RHSA-2022:8761
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8761

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.20.Final

purl pkg:maven/io.undertow/undertow-core@2.2.20.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-vb58-6kfn-7uaj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final

aliases CVE-2022-1259

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2k1-7y3z-77hh

url VCID-rxsj-32jz-wugq

vulnerability_id VCID-rxsj-32jz-wugq

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
A flaw was discovered in Undertow where certain requests to the `Expect: ` header may cause an out of memory error. This flaw may potentially lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10705

reference_id

reference_type

scores

value	0.00299
scoring_system	epss
scoring_elements	0.53602
published_at	2026-06-05T12:55:00Z

value	0.00299
scoring_system	epss
scoring_elements	0.53544
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10705

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1803241

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1803241

reference_url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0014

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10705

reference_id

CVE-2020-10705

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10705

reference_url	https://access.redhat.com/errata/RHSA-2020:2058
reference_id	RHSA-2020:2058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2058

reference_url	https://access.redhat.com/errata/RHSA-2020:2059
reference_id	RHSA-2020:2059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2059

reference_url	https://access.redhat.com/errata/RHSA-2020:2060
reference_id	RHSA-2020:2060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2060

reference_url	https://access.redhat.com/errata/RHSA-2020:2061
reference_id	RHSA-2020:2061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2061

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3585
reference_id	RHSA-2020:3585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3585

reference_url	https://access.redhat.com/errata/RHSA-2025:16668
reference_id	RHSA-2025:16668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16668

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.1.1.Final

purl pkg:maven/io.undertow/undertow-core@2.1.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final

aliases CVE-2020-10705, GHSA-g4cp-h53p-v3v8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsj-32jz-wugq

url VCID-tqvr-tetp-8ugb

vulnerability_id VCID-tqvr-tetp-8ugb

summary undertow: Double AJP response for 400 from EAP 7 results in CPING failures

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1319

reference_id

reference_type

scores

value	0.01193
scoring_system	epss
scoring_elements	0.79191
published_at	2026-06-04T12:55:00Z

value	0.01193
scoring_system	epss
scoring_elements	0.79217
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1319

reference_url	https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b

reference_url	https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3

reference_url	https://issues.redhat.com/browse/UNDERTOW-2060
reference_id
reference_type
scores
url	https://issues.redhat.com/browse/UNDERTOW-2060

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id	1016448
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2073890
reference_id	2073890
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2073890

reference_url	https://access.redhat.com/security/cve/CVE-2022-1319
reference_id	CVE-2022-1319
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2022-1319

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1319
reference_id	CVE-2022-1319
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1319

reference_url	https://access.redhat.com/errata/RHSA-2022:4918
reference_id	RHSA-2022:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:4919
reference_id	RHSA-2022:4919
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4919

reference_url	https://access.redhat.com/errata/RHSA-2022:4922
reference_id	RHSA-2022:4922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4922

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:7409
reference_id	RHSA-2022:7409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7409

reference_url	https://access.redhat.com/errata/RHSA-2022:7410
reference_id	RHSA-2022:7410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7410

reference_url	https://access.redhat.com/errata/RHSA-2022:7411
reference_id	RHSA-2022:7411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7411

reference_url	https://access.redhat.com/errata/RHSA-2022:7417
reference_id	RHSA-2022:7417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7417

reference_url	https://access.redhat.com/errata/RHSA-2022:8761
reference_id	RHSA-2022:8761
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8761

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.17.Final

purl pkg:maven/io.undertow/undertow-core@2.2.17.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17.Final

url pkg:maven/io.undertow/undertow-core@2.2.20.Final

purl pkg:maven/io.undertow/undertow-core@2.2.20.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-vb58-6kfn-7uaj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final

url pkg:maven/io.undertow/undertow-core@2.3.1.Final

purl pkg:maven/io.undertow/undertow-core@2.3.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final

url	pkg:maven/io.undertow/undertow-core@2.2.17
purl	pkg:maven/io.undertow/undertow-core@2.2.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17

aliases CVE-2022-1319

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqvr-tetp-8ugb

url VCID-uenh-qgna-t7c4

vulnerability_id VCID-uenh-qgna-t7c4

summary

False Positive
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1745

reference_id

reference_type

scores

value	0.00636
scoring_system	epss
scoring_elements	0.70845
published_at	2026-06-05T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70802
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1745

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745

reference_url

https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert

reference_url

https://www.cnvd.org.cn/webinfo/show/5415

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cnvd.org.cn/webinfo/show/5415

reference_url

https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1807305
reference_id	1807305
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1807305

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1745

reference_id

CVE-2020-1745

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1745

reference_url	https://access.redhat.com/errata/RHSA-2020:0812
reference_id	RHSA-2020:0812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0812

reference_url	https://access.redhat.com/errata/RHSA-2020:0813
reference_id	RHSA-2020:0813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0813

reference_url	https://access.redhat.com/errata/RHSA-2020:0952
reference_id	RHSA-2020:0952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0952

reference_url	https://access.redhat.com/errata/RHSA-2020:0961
reference_id	RHSA-2020:0961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0961

reference_url	https://access.redhat.com/errata/RHSA-2020:0962
reference_id	RHSA-2020:0962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0962

reference_url	https://access.redhat.com/errata/RHSA-2020:2058
reference_id	RHSA-2020:2058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2058

reference_url	https://access.redhat.com/errata/RHSA-2020:2059
reference_id	RHSA-2020:2059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2059

reference_url	https://access.redhat.com/errata/RHSA-2020:2060
reference_id	RHSA-2020:2060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2060

reference_url	https://access.redhat.com/errata/RHSA-2020:2061
reference_id	RHSA-2020:2061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2061

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2367
reference_id	RHSA-2020:2367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2367

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.30.Final

purl pkg:maven/io.undertow/undertow-core@2.0.30.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final

url	pkg:maven/io.undertow/undertow-core@2.0.30
purl	pkg:maven/io.undertow/undertow-core@2.0.30
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30

aliases CVE-2020-1745, GHSA-gv2w-88hx-8m9r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uenh-qgna-t7c4

url VCID-ufjr-4tdy-q7hx

vulnerability_id VCID-ufjr-4tdy-q7hx

summary

Undertow Path Traversal vulnerability
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1459

reference_id

reference_type

scores

value	0.10104
scoring_system	epss
scoring_elements	0.93236
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1459

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2259475

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2259475

reference_url

https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c

reference_url

https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a

reference_url

https://github.com/undertow-io/undertow/pull/1556

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/pull/1556

reference_url

https://issues.redhat.com/browse/UNDERTOW-2339

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-2339

reference_url

https://security.netapp.com/advisory/ntap-20241122-0008

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241122-0008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
reference_id	1068816
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id	cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id	cpe:/a:redhat:quarkus:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url

https://access.redhat.com/security/cve/CVE-2024-1459

reference_id

CVE-2024-1459

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/

url

https://access.redhat.com/security/cve/CVE-2024-1459

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-1459

reference_id

CVE-2024-1459

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-1459

reference_url

https://github.com/advisories/GHSA-v76w-3ph8-vm66

reference_id

GHSA-v76w-3ph8-vm66

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v76w-3ph8-vm66

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.31.Final

purl pkg:maven/io.undertow/undertow-core@2.2.31.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.31.Final

url pkg:maven/io.undertow/undertow-core@2.3.12.Final

purl pkg:maven/io.undertow/undertow-core@2.3.12.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.12.Final

aliases CVE-2024-1459, GHSA-v76w-3ph8-vm66

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufjr-4tdy-q7hx

url VCID-ut9x-bkp6-mfag

vulnerability_id VCID-ut9x-bkp6-mfag

summary

Undertow vulnerable to Race Condition
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

references

reference_url

https://access.redhat.com/errata/RHSA-2024:11023

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:11023

reference_url

https://access.redhat.com/errata/RHSA-2024:6508

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:6508

reference_url

https://access.redhat.com/errata/RHSA-2024:6883

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:6883

reference_url

https://access.redhat.com/errata/RHSA-2024:7441

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:7441

reference_url

https://access.redhat.com/errata/RHSA-2024:7442

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:7442

reference_url

https://access.redhat.com/errata/RHSA-2024:7735

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:7735

reference_url

https://access.redhat.com/errata/RHSA-2024:7736

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:7736

reference_url

https://access.redhat.com/errata/RHSA-2024:8080

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2024:8080

reference_url

https://access.redhat.com/errata/RHSA-2025:16667

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2025:16667

reference_url

https://access.redhat.com/errata/RHSA-2026:0743

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/errata/RHSA-2026:0743

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7885

reference_id

reference_type

scores

value	0.10699
scoring_system	epss
scoring_elements	0.93466
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7885

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2305290

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2305290

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java

reference_url

https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1

reference_url

https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8

reference_url

https://security.netapp.com/advisory/ntap-20241011-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241011-0004

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
reference_id	1082854
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id	cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_id	cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_id	cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id	cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id	cpe:/a:redhat:integration:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
reference_id	cpe:/a:redhat:quarkus:3
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_id	cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0

reference_url

https://access.redhat.com/security/cve/CVE-2024-7885

reference_id

CVE-2024-7885

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/

url

https://access.redhat.com/security/cve/CVE-2024-7885

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-7885

reference_id

CVE-2024-7885

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-7885

reference_url

https://github.com/advisories/GHSA-9623-mqmm-5rcf

reference_id

GHSA-9623-mqmm-5rcf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9623-mqmm-5rcf

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.36.Final

purl pkg:maven/io.undertow/undertow-core@2.2.36.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fmhu-72zm-wucj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.36.Final

url	pkg:maven/io.undertow/undertow-core@2.3.17.Final
purl	pkg:maven/io.undertow/undertow-core@2.3.17.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.17.Final

aliases CVE-2024-7885, GHSA-9623-mqmm-5rcf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ut9x-bkp6-mfag

url VCID-v3z6-4r9w-8yd1

vulnerability_id VCID-v3z6-4r9w-8yd1

summary Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2764

reference_id

reference_type

scores

value	0.00348
scoring_system	epss
scoring_elements	0.57573
published_at	2026-06-04T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57626
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2117506
reference_id	2117506
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2117506

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2764
reference_id	CVE-2022-2764
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2764

reference_url	https://access.redhat.com/errata/RHSA-2022:8790
reference_id	RHSA-2022:8790
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8790

reference_url	https://access.redhat.com/errata/RHSA-2022:8791
reference_id	RHSA-2022:8791
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8791

reference_url	https://access.redhat.com/errata/RHSA-2022:8792
reference_id	RHSA-2022:8792
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8792

reference_url	https://access.redhat.com/errata/RHSA-2022:8793
reference_id	RHSA-2022:8793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8793

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.20.Final

purl pkg:maven/io.undertow/undertow-core@2.2.20.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-vb58-6kfn-7uaj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final

url pkg:maven/io.undertow/undertow-core@2.3.1.Final

purl pkg:maven/io.undertow/undertow-core@2.3.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final

aliases CVE-2022-2764

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3z6-4r9w-8yd1

url VCID-vb58-6kfn-7uaj

vulnerability_id VCID-vb58-6kfn-7uaj

summary

Uncontrolled Resource Consumption
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:4505

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4505

reference_url

https://access.redhat.com/errata/RHSA-2023:4506

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4506

reference_url

https://access.redhat.com/errata/RHSA-2023:4507

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4507

reference_url

https://access.redhat.com/errata/RHSA-2023:4509

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4509

reference_url

https://access.redhat.com/errata/RHSA-2023:4918

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4918

reference_url

https://access.redhat.com/errata/RHSA-2023:4919

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4919

reference_url

https://access.redhat.com/errata/RHSA-2023:4920

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4920

reference_url

https://access.redhat.com/errata/RHSA-2023:4921

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4921

reference_url

https://access.redhat.com/errata/RHSA-2023:4924

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:4924

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3223

reference_id

reference_type

scores

value	0.00649
scoring_system	epss
scoring_elements	0.71236
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3223

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2209689

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2209689

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231027-0004

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231027-0004

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893
reference_id	1054893
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id	cpe:/a:redhat:integration:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id	cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id	cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13
reference_id	cpe:/a:redhat:openstack-optools:13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id	cpe:/a:redhat:quarkus:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.5
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id	cpe:/a:redhat:service_registry:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2

reference_url

https://access.redhat.com/security/cve/CVE-2023-3223

reference_id

CVE-2023-3223

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/security/cve/CVE-2023-3223

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-3223

reference_id

CVE-2023-3223

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-3223

reference_url	https://github.com/advisories/GHSA-65h2-wf7m-q2v8
reference_id	GHSA-65h2-wf7m-q2v8
reference_type
scores
url	https://github.com/advisories/GHSA-65h2-wf7m-q2v8

reference_url

https://security.netapp.com/advisory/ntap-20231027-0004/

reference_id

ntap-20231027-0004

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://security.netapp.com/advisory/ntap-20231027-0004/

reference_url

https://access.redhat.com/errata/RHSA-2023:7247

reference_id

RHSA-2023:7247

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/

url

https://access.redhat.com/errata/RHSA-2023:7247

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.2.24.Final

purl pkg:maven/io.undertow/undertow-core@2.2.24.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final

aliases CVE-2023-3223, GHSA-65h2-wf7m-q2v8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb58-6kfn-7uaj

url VCID-w6r9-g7sc-y3ed

vulnerability_id VCID-w6r9-g7sc-y3ed

summary

Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3888

reference_id

reference_type

scores

value	0.00555
scoring_system	epss
scoring_elements	0.6851
published_at	2026-06-05T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68469
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3888

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888

reference_url

https://security.netapp.com/advisory/ntap-20220210-0019

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0019

reference_url	https://security.netapp.com/advisory/ntap-20220210-0019/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220210-0019/

reference_url

http://www.securityfocus.com/bid/108739

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108739

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693777
reference_id	1693777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id	930349
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3888

reference_id

CVE-2019-3888

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3888

reference_url

https://github.com/advisories/GHSA-jwgx-9mmh-684w

reference_id

GHSA-jwgx-9mmh-684w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jwgx-9mmh-684w

reference_url	https://access.redhat.com/errata/RHSA-2019:1419
reference_id	RHSA-2019:1419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1419

reference_url	https://access.redhat.com/errata/RHSA-2019:1420
reference_id	RHSA-2019:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1420

reference_url	https://access.redhat.com/errata/RHSA-2019:1421
reference_id	RHSA-2019:1421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1421

reference_url	https://access.redhat.com/errata/RHSA-2019:1424
reference_id	RHSA-2019:1424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1424

reference_url

https://access.redhat.com/errata/RHSA-2019:2439

reference_id

RHSA-2019:2439

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2439

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.21.Final

purl pkg:maven/io.undertow/undertow-core@2.0.21.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-52hy-69kb-byee

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-6wpa-h8xy-kfh2

vulnerability	VCID-9cnw-cm28-nfeu

vulnerability	VCID-ast2-qxn7-m3ar

vulnerability	VCID-dm2g-eaak-cya7

vulnerability	VCID-ewgw-1sk9-dqhe

vulnerability	VCID-fmhu-72zm-wucj

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-r2k1-7y3z-77hh

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-tqvr-tetp-8ugb

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-ufjr-4tdy-q7hx

vulnerability	VCID-ut9x-bkp6-mfag

vulnerability	VCID-v3z6-4r9w-8yd1

vulnerability	VCID-vb58-6kfn-7uaj

vulnerability	VCID-wz1m-11gx-cfd2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final

url	pkg:maven/io.undertow/undertow-core@2.0.21
purl	pkg:maven/io.undertow/undertow-core@2.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21

aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6r9-g7sc-y3ed

url VCID-wz1m-11gx-cfd2

vulnerability_id VCID-wz1m-11gx-cfd2

summary undertow: Large AJP request may cause DoS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2053

reference_id

reference_type

scores

value	0.00305
scoring_system	epss
scoring_elements	0.54022
published_at	2026-06-04T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.54079
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2053

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url