Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.undertow/undertow-core@1.0.0.Alpha9
Typemaven
Namespaceio.undertow
Nameundertow-core
Version1.0.0.Alpha9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.17
Latest_non_vulnerable_version2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-1nxp-wx8c-a7gx
vulnerability_id VCID-1nxp-wx8c-a7gx
summary Exposure of Sensitive Information to an Unauthorized Actor in Undertow
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
5
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
6
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
7
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72654
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
reference_id 1628702
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id 911796
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
reference_id CVE-2018-14642
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
14
reference_url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
reference_id GHSA-vf6r-mmhc-3xcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.15.Final
purl pkg:maven/io.undertow/undertow-core@2.0.15.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26ru-xpcj-7bcz
1
vulnerability VCID-3cek-y62u-7qas
2
vulnerability VCID-4u9y-nd98-z7fr
3
vulnerability VCID-4yb5-81eu-qubq
4
vulnerability VCID-6bhd-zdh5-5qgz
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-f7x7-afrc-uqcm
13
vulnerability VCID-fdhy-cw72-57cd
14
vulnerability VCID-gga8-ucqw-3bc7
15
vulnerability VCID-kdkn-2zrf-7ff1
16
vulnerability VCID-kuft-1mgp-u3ep
17
vulnerability VCID-m2ne-5zum-tqbn
18
vulnerability VCID-mz7z-tp7n-3qhd
19
vulnerability VCID-sg32-tewt-ckan
20
vulnerability VCID-u62g-ukw7-5uf2
21
vulnerability VCID-uymv-k8py-mfa9
22
vulnerability VCID-xdvz-febf-ybgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.15
purl pkg:maven/io.undertow/undertow-core@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15
2
url pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
purl pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nxp-wx8c-a7gx
1
url VCID-26ru-xpcj-7bcz
vulnerability_id VCID-26ru-xpcj-7bcz
summary A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46685
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
5
reference_url https://security.netapp.com/advisory/ntap-20220211-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220211-0001
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1772464
reference_id 1772464
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1772464
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
9
reference_url https://access.redhat.com/errata/RHSA-2020:2367
reference_id RHSA-2020:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2367
10
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
11
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.29.Final
purl pkg:maven/io.undertow/undertow-core@2.0.29.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cek-y62u-7qas
1
vulnerability VCID-4u9y-nd98-z7fr
2
vulnerability VCID-4yb5-81eu-qubq
3
vulnerability VCID-6bhd-zdh5-5qgz
4
vulnerability VCID-6dvp-ddvr-abh8
5
vulnerability VCID-7ejv-4mka-6fe6
6
vulnerability VCID-925s-414k-bybt
7
vulnerability VCID-byes-xc7r-2fhs
8
vulnerability VCID-c491-1k44-4qfg
9
vulnerability VCID-dfpq-44kb-huew
10
vulnerability VCID-e5cm-rtss-bbfc
11
vulnerability VCID-fdhy-cw72-57cd
12
vulnerability VCID-gga8-ucqw-3bc7
13
vulnerability VCID-kdkn-2zrf-7ff1
14
vulnerability VCID-kuft-1mgp-u3ep
15
vulnerability VCID-m2ne-5zum-tqbn
16
vulnerability VCID-mz7z-tp7n-3qhd
17
vulnerability VCID-u62g-ukw7-5uf2
18
vulnerability VCID-uymv-k8py-mfa9
19
vulnerability VCID-xdvz-febf-ybgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final
aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26ru-xpcj-7bcz
2
url VCID-3cek-y62u-7qas
vulnerability_id VCID-3cek-y62u-7qas
summary A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64754
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1752770
reference_id 1752770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1752770
5
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
6
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
7
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
8
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
11
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
12
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
13
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
14
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
15
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
16
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
17
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.0
purl pkg:maven/io.undertow/undertow-core@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hqt-avvb-j7ay
1
vulnerability VCID-byes-xc7r-2fhs
2
vulnerability VCID-c491-1k44-4qfg
3
vulnerability VCID-uymv-k8py-mfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0
1
url pkg:maven/io.undertow/undertow-core@2.1.0.Final
purl pkg:maven/io.undertow/undertow-core@2.1.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-4yb5-81eu-qubq
2
vulnerability VCID-6bhd-zdh5-5qgz
3
vulnerability VCID-6dvp-ddvr-abh8
4
vulnerability VCID-7ejv-4mka-6fe6
5
vulnerability VCID-925s-414k-bybt
6
vulnerability VCID-byes-xc7r-2fhs
7
vulnerability VCID-c491-1k44-4qfg
8
vulnerability VCID-dfpq-44kb-huew
9
vulnerability VCID-e5cm-rtss-bbfc
10
vulnerability VCID-fdhy-cw72-57cd
11
vulnerability VCID-gga8-ucqw-3bc7
12
vulnerability VCID-kdkn-2zrf-7ff1
13
vulnerability VCID-kuft-1mgp-u3ep
14
vulnerability VCID-m2ne-5zum-tqbn
15
vulnerability VCID-mz7z-tp7n-3qhd
16
vulnerability VCID-u62g-ukw7-5uf2
17
vulnerability VCID-uymv-k8py-mfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final
aliases CVE-2020-1757, GHSA-2w73-fqqj-c92p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cek-y62u-7qas
3
url VCID-45bm-ykfp-dugb
vulnerability_id VCID-45bm-ykfp-dugb
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1525
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1525
1
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67707
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
5
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
6
reference_url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
7
reference_url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
8
reference_url https://issues.jboss.org/browse/UNDERTOW-1190
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1190
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1503055
reference_id 1503055
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1503055
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
reference_id CVE-2017-12196
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
11
reference_url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
reference_id GHSA-cp7v-vmv7-6x2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
12
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id RHSA-2018:0478
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
13
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id RHSA-2018:0479
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
14
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id RHSA-2018:0480
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
15
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id RHSA-2018:0481
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
16
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id RHSA-2018:3768
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
17
reference_url https://access.redhat.com/errata/RHSA-2020:2561
reference_id RHSA-2020:2561
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2561
18
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.19.Final
purl pkg:maven/io.undertow/undertow-core@1.4.19.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-f7x7-afrc-uqcm
13
vulnerability VCID-fdhy-cw72-57cd
14
vulnerability VCID-gga8-ucqw-3bc7
15
vulnerability VCID-ghz9-w5n1-zkdq
16
vulnerability VCID-kdkn-2zrf-7ff1
17
vulnerability VCID-kuft-1mgp-u3ep
18
vulnerability VCID-m2ne-5zum-tqbn
19
vulnerability VCID-m4a2-8fwt-bbb8
20
vulnerability VCID-mz7z-tp7n-3qhd
21
vulnerability VCID-sg32-tewt-ckan
22
vulnerability VCID-u62g-ukw7-5uf2
23
vulnerability VCID-uymv-k8py-mfa9
24
vulnerability VCID-xdvz-febf-ybgz
25
vulnerability VCID-y5uu-3hgq-6ud1
26
vulnerability VCID-yes8-5q2e-4bg1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.24.Final
purl pkg:maven/io.undertow/undertow-core@1.4.24.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-45bm-ykfp-dugb
4
vulnerability VCID-4u9y-nd98-z7fr
5
vulnerability VCID-4yb5-81eu-qubq
6
vulnerability VCID-6dvp-ddvr-abh8
7
vulnerability VCID-7ejv-4mka-6fe6
8
vulnerability VCID-925s-414k-bybt
9
vulnerability VCID-byes-xc7r-2fhs
10
vulnerability VCID-c491-1k44-4qfg
11
vulnerability VCID-dfpq-44kb-huew
12
vulnerability VCID-e5cm-rtss-bbfc
13
vulnerability VCID-f7x7-afrc-uqcm
14
vulnerability VCID-fdhy-cw72-57cd
15
vulnerability VCID-gga8-ucqw-3bc7
16
vulnerability VCID-ghz9-w5n1-zkdq
17
vulnerability VCID-kdkn-2zrf-7ff1
18
vulnerability VCID-kuft-1mgp-u3ep
19
vulnerability VCID-m2ne-5zum-tqbn
20
vulnerability VCID-m4a2-8fwt-bbb8
21
vulnerability VCID-mz7z-tp7n-3qhd
22
vulnerability VCID-sg32-tewt-ckan
23
vulnerability VCID-u62g-ukw7-5uf2
24
vulnerability VCID-uymv-k8py-mfa9
25
vulnerability VCID-xdvz-febf-ybgz
26
vulnerability VCID-y5uu-3hgq-6ud1
27
vulnerability VCID-yes8-5q2e-4bg1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final
2
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-f7x7-afrc-uqcm
13
vulnerability VCID-fdhy-cw72-57cd
14
vulnerability VCID-gga8-ucqw-3bc7
15
vulnerability VCID-ghz9-w5n1-zkdq
16
vulnerability VCID-kdkn-2zrf-7ff1
17
vulnerability VCID-kuft-1mgp-u3ep
18
vulnerability VCID-m2ne-5zum-tqbn
19
vulnerability VCID-m4a2-8fwt-bbb8
20
vulnerability VCID-mz7z-tp7n-3qhd
21
vulnerability VCID-sg32-tewt-ckan
22
vulnerability VCID-u62g-ukw7-5uf2
23
vulnerability VCID-uymv-k8py-mfa9
24
vulnerability VCID-xdvz-febf-ybgz
25
vulnerability VCID-yes8-5q2e-4bg1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
3
url pkg:maven/io.undertow/undertow-core@2.0.2.FInal
purl pkg:maven/io.undertow/undertow-core@2.0.2.FInal
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2.FInal
4
url pkg:maven/io.undertow/undertow-core@2.0.3.Final
purl pkg:maven/io.undertow/undertow-core@2.0.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6bhd-zdh5-5qgz
6
vulnerability VCID-6dvp-ddvr-abh8
7
vulnerability VCID-7ejv-4mka-6fe6
8
vulnerability VCID-925s-414k-bybt
9
vulnerability VCID-byes-xc7r-2fhs
10
vulnerability VCID-c491-1k44-4qfg
11
vulnerability VCID-dfpq-44kb-huew
12
vulnerability VCID-e5cm-rtss-bbfc
13
vulnerability VCID-f7x7-afrc-uqcm
14
vulnerability VCID-fdhy-cw72-57cd
15
vulnerability VCID-gga8-ucqw-3bc7
16
vulnerability VCID-ghz9-w5n1-zkdq
17
vulnerability VCID-kdkn-2zrf-7ff1
18
vulnerability VCID-kuft-1mgp-u3ep
19
vulnerability VCID-m2ne-5zum-tqbn
20
vulnerability VCID-mz7z-tp7n-3qhd
21
vulnerability VCID-sg32-tewt-ckan
22
vulnerability VCID-u62g-ukw7-5uf2
23
vulnerability VCID-uymv-k8py-mfa9
24
vulnerability VCID-xdvz-febf-ybgz
25
vulnerability VCID-y5uu-3hgq-6ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final
aliases CVE-2017-12196, GHSA-cp7v-vmv7-6x2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45bm-ykfp-dugb
4
url VCID-4u9y-nd98-z7fr
vulnerability_id VCID-4u9y-nd98-z7fr
summary A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7885
reference_id
reference_type
scores
0
value 0.10699
scoring_system epss
scoring_elements 0.93486
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7885
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
4
reference_url https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
5
reference_url https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
6
reference_url https://security.netapp.com/advisory/ntap-20241011-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0004
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
reference_id 1082854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_id cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
reference_id cpe:/a:redhat:quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_id cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
30
reference_url https://access.redhat.com/security/cve/CVE-2024-7885
reference_id CVE-2024-7885
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/security/cve/CVE-2024-7885
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7885
reference_id CVE-2024-7885
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7885
32
reference_url https://github.com/advisories/GHSA-9623-mqmm-5rcf
reference_id GHSA-9623-mqmm-5rcf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9623-mqmm-5rcf
33
reference_url https://access.redhat.com/errata/RHSA-2024:11023
reference_id RHSA-2024:11023
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:11023
34
reference_url https://access.redhat.com/errata/RHSA-2024:6508
reference_id RHSA-2024:6508
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:6508
35
reference_url https://access.redhat.com/errata/RHSA-2024:6883
reference_id RHSA-2024:6883
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:6883
36
reference_url https://access.redhat.com/errata/RHSA-2024:7441
reference_id RHSA-2024:7441
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7441
37
reference_url https://access.redhat.com/errata/RHSA-2024:7442
reference_id RHSA-2024:7442
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7442
38
reference_url https://access.redhat.com/errata/RHSA-2024:7735
reference_id RHSA-2024:7735
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7735
39
reference_url https://access.redhat.com/errata/RHSA-2024:7736
reference_id RHSA-2024:7736
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7736
40
reference_url https://access.redhat.com/errata/RHSA-2024:8080
reference_id RHSA-2024:8080
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:8080
41
reference_url https://access.redhat.com/errata/RHSA-2025:16667
reference_id RHSA-2025:16667
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2025:16667
42
reference_url https://access.redhat.com/errata/RHSA-2026:0743
reference_id RHSA-2026:0743
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2026:0743
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2305290
reference_id show_bug.cgi?id=2305290
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2305290
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.36.Final
purl pkg:maven/io.undertow/undertow-core@2.2.36.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fdhy-cw72-57cd
1
vulnerability VCID-kdkn-2zrf-7ff1
2
vulnerability VCID-mz7z-tp7n-3qhd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.36.Final
1
url pkg:maven/io.undertow/undertow-core@2.3.17.Final
purl pkg:maven/io.undertow/undertow-core@2.3.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fdhy-cw72-57cd
1
vulnerability VCID-kdkn-2zrf-7ff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.17.Final
aliases CVE-2024-7885, GHSA-9623-mqmm-5rcf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4u9y-nd98-z7fr
5
url VCID-4yb5-81eu-qubq
vulnerability_id VCID-4yb5-81eu-qubq
summary A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53666
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
3
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0014/
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
reference_id 1803241
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
6
reference_url https://github.com/advisories/GHSA-g4cp-h53p-v3v8
reference_id GHSA-g4cp-h53p-v3v8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4cp-h53p-v3v8
7
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
8
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
9
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
10
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
11
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
12
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
13
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
14
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
15
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
16
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
17
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.1.Final
purl pkg:maven/io.undertow/undertow-core@2.1.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-byes-xc7r-2fhs
5
vulnerability VCID-c491-1k44-4qfg
6
vulnerability VCID-dfpq-44kb-huew
7
vulnerability VCID-e5cm-rtss-bbfc
8
vulnerability VCID-fdhy-cw72-57cd
9
vulnerability VCID-gga8-ucqw-3bc7
10
vulnerability VCID-kdkn-2zrf-7ff1
11
vulnerability VCID-kuft-1mgp-u3ep
12
vulnerability VCID-m2ne-5zum-tqbn
13
vulnerability VCID-mz7z-tp7n-3qhd
14
vulnerability VCID-u62g-ukw7-5uf2
15
vulnerability VCID-uymv-k8py-mfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final
aliases CVE-2020-10705, GHSA-g4cp-h53p-v3v8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yb5-81eu-qubq
6
url VCID-5yva-1hua-a3af
vulnerability_id VCID-5yva-1hua-a3af
summary
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
reference_id
reference_type
scores
0
value 0.05972
scoring_system epss
scoring_elements 0.90869
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
6
reference_url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
7
reference_url http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98965
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
reference_id 1438885
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
reference_id CVE-2017-2670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
11
reference_url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
reference_id GHSA-3x7h-5hfr-hvjm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
12
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
13
reference_url https://access.redhat.com/errata/RHSA-2017:1410
reference_id RHSA-2017:1410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1410
14
reference_url https://access.redhat.com/errata/RHSA-2017:1411
reference_id RHSA-2017:1411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1411
15
reference_url https://access.redhat.com/errata/RHSA-2017:1412
reference_id RHSA-2017:1412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1412
16
reference_url https://access.redhat.com/errata/RHSA-2018:0501
reference_id RHSA-2018:0501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0501
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.28
purl pkg:maven/io.undertow/undertow-core@1.3.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28
1
url pkg:maven/io.undertow/undertow-core@1.3.28.Final
purl pkg:maven/io.undertow/undertow-core@1.3.28.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-45bm-ykfp-dugb
4
vulnerability VCID-4u9y-nd98-z7fr
5
vulnerability VCID-4yb5-81eu-qubq
6
vulnerability VCID-6dvp-ddvr-abh8
7
vulnerability VCID-7ejv-4mka-6fe6
8
vulnerability VCID-925s-414k-bybt
9
vulnerability VCID-b827-wz12-qye3
10
vulnerability VCID-byes-xc7r-2fhs
11
vulnerability VCID-c491-1k44-4qfg
12
vulnerability VCID-dfpq-44kb-huew
13
vulnerability VCID-e5cm-rtss-bbfc
14
vulnerability VCID-f7x7-afrc-uqcm
15
vulnerability VCID-fdhy-cw72-57cd
16
vulnerability VCID-gga8-ucqw-3bc7
17
vulnerability VCID-ghz9-w5n1-zkdq
18
vulnerability VCID-kdkn-2zrf-7ff1
19
vulnerability VCID-kuft-1mgp-u3ep
20
vulnerability VCID-m2ne-5zum-tqbn
21
vulnerability VCID-m4a2-8fwt-bbb8
22
vulnerability VCID-mz7z-tp7n-3qhd
23
vulnerability VCID-sg32-tewt-ckan
24
vulnerability VCID-u62g-ukw7-5uf2
25
vulnerability VCID-uham-4wab-h3h7
26
vulnerability VCID-uymv-k8py-mfa9
27
vulnerability VCID-xdvz-febf-ybgz
28
vulnerability VCID-y5uu-3hgq-6ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final
aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yva-1hua-a3af
7
url VCID-6dvp-ddvr-abh8
vulnerability_id VCID-6dvp-ddvr-abh8
summary Undertow vulnerable to Dos via Large AJP request
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2053
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55446
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2053
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/pull/1350
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1350
5
reference_url https://issues.redhat.com/browse/UNDERTOW-2133
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2133
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2095862
reference_id 2095862
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2095862
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2053
reference_id CVE-2022-2053
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2053
8
reference_url https://github.com/advisories/GHSA-95rf-557x-44g5
reference_id GHSA-95rf-557x-44g5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-95rf-557x-44g5
9
reference_url https://access.redhat.com/errata/RHSA-2022:6821
reference_id RHSA-2022:6821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6821
10
reference_url https://access.redhat.com/errata/RHSA-2022:6822
reference_id RHSA-2022:6822
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6822
11
reference_url https://access.redhat.com/errata/RHSA-2022:6823
reference_id RHSA-2022:6823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6823
12
reference_url https://access.redhat.com/errata/RHSA-2022:6825
reference_id RHSA-2022:6825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6825
13
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
14
reference_url https://access.redhat.com/errata/RHSA-2025:4226
reference_id RHSA-2025:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4226
15
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9583
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.19.Final
purl pkg:maven/io.undertow/undertow-core@2.2.19.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-7ejv-4mka-6fe6
3
vulnerability VCID-dfpq-44kb-huew
4
vulnerability VCID-fdhy-cw72-57cd
5
vulnerability VCID-gga8-ucqw-3bc7
6
vulnerability VCID-kdkn-2zrf-7ff1
7
vulnerability VCID-kuft-1mgp-u3ep
8
vulnerability VCID-m2ne-5zum-tqbn
9
vulnerability VCID-mz7z-tp7n-3qhd
10
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19.Final
1
url pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2
purl pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-mz7z-tp7n-3qhd
5
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2
2
url pkg:maven/io.undertow/undertow-core@2.3.1.Final
purl pkg:maven/io.undertow/undertow-core@2.3.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-m2ne-5zum-tqbn
5
vulnerability VCID-mz7z-tp7n-3qhd
6
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final
aliases CVE-2022-2053, GHSA-95rf-557x-44g5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6dvp-ddvr-abh8
8
url VCID-7ejv-4mka-6fe6
vulnerability_id VCID-7ejv-4mka-6fe6
summary A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1259
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63603
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1259
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2072339
reference_id 2072339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2072339
3
reference_url https://access.redhat.com/security/cve/CVE-2022-1259
reference_id CVE-2022-1259
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2022-1259
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1259
reference_id CVE-2022-1259
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1259
5
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
6
reference_url https://access.redhat.com/errata/RHSA-2022:6821
reference_id RHSA-2022:6821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6821
7
reference_url https://access.redhat.com/errata/RHSA-2022:6822
reference_id RHSA-2022:6822
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6822
8
reference_url https://access.redhat.com/errata/RHSA-2022:6823
reference_id RHSA-2022:6823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6823
9
reference_url https://access.redhat.com/errata/RHSA-2022:6825
reference_id RHSA-2022:6825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6825
10
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
11
reference_url https://access.redhat.com/errata/RHSA-2025:9582
reference_id RHSA-2025:9582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9582
12
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9583
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.20.Final
purl pkg:maven/io.undertow/undertow-core@2.2.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-kuft-1mgp-u3ep
5
vulnerability VCID-m2ne-5zum-tqbn
6
vulnerability VCID-mz7z-tp7n-3qhd
7
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final
aliases CVE-2022-1259
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ejv-4mka-6fe6
9
url VCID-925s-414k-bybt
vulnerability_id VCID-925s-414k-bybt
summary A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37585
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0014/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1828459
reference_id 1828459
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1828459
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
reference_id 969913
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
8
reference_url https://github.com/advisories/GHSA-cccf-7xw3-p2vr
reference_id GHSA-cccf-7xw3-p2vr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cccf-7xw3-p2vr
9
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
10
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
11
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
12
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
13
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
14
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
15
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
16
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
17
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
18
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
19
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
20
reference_url https://access.redhat.com/errata/RHSA-2021:3140
reference_id RHSA-2021:3140
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3140
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.1.Final
purl pkg:maven/io.undertow/undertow-core@2.1.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-byes-xc7r-2fhs
5
vulnerability VCID-c491-1k44-4qfg
6
vulnerability VCID-dfpq-44kb-huew
7
vulnerability VCID-e5cm-rtss-bbfc
8
vulnerability VCID-fdhy-cw72-57cd
9
vulnerability VCID-gga8-ucqw-3bc7
10
vulnerability VCID-kdkn-2zrf-7ff1
11
vulnerability VCID-kuft-1mgp-u3ep
12
vulnerability VCID-m2ne-5zum-tqbn
13
vulnerability VCID-mz7z-tp7n-3qhd
14
vulnerability VCID-u62g-ukw7-5uf2
15
vulnerability VCID-uymv-k8py-mfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final
aliases CVE-2020-10719, GHSA-cccf-7xw3-p2vr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-925s-414k-bybt
10
url VCID-byes-xc7r-2fhs
vulnerability_id VCID-byes-xc7r-2fhs
summary Undertow Uncontrolled Resource Consumption
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3629
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.53045
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3629
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977362
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1977362
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://security.netapp.com/advisory/ntap-20220729-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220729-0008
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id 1016448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3629
reference_id CVE-2021-3629
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3629
7
reference_url https://github.com/advisories/GHSA-rf6q-vx79-mjxr
reference_id GHSA-rf6q-vx79-mjxr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rf6q-vx79-mjxr
8
reference_url https://access.redhat.com/errata/RHSA-2021:4676
reference_id RHSA-2021:4676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4676
9
reference_url https://access.redhat.com/errata/RHSA-2021:4677
reference_id RHSA-2021:4677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4677
10
reference_url https://access.redhat.com/errata/RHSA-2021:4679
reference_id RHSA-2021:4679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4679
11
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
12
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
13
reference_url https://access.redhat.com/errata/RHSA-2021:5149
reference_id RHSA-2021:5149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5149
14
reference_url https://access.redhat.com/errata/RHSA-2021:5150
reference_id RHSA-2021:5150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5150
15
reference_url https://access.redhat.com/errata/RHSA-2021:5151
reference_id RHSA-2021:5151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5151
16
reference_url https://access.redhat.com/errata/RHSA-2021:5154
reference_id RHSA-2021:5154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5154
17
reference_url https://access.redhat.com/errata/RHSA-2021:5170
reference_id RHSA-2021:5170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5170
18
reference_url https://access.redhat.com/errata/RHSA-2022:0146
reference_id RHSA-2022:0146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0146
19
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
20
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
21
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.40.Final
purl pkg:maven/io.undertow/undertow-core@2.0.40.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cek-y62u-7qas
1
vulnerability VCID-4u9y-nd98-z7fr
2
vulnerability VCID-4yb5-81eu-qubq
3
vulnerability VCID-6bhd-zdh5-5qgz
4
vulnerability VCID-6dvp-ddvr-abh8
5
vulnerability VCID-7ejv-4mka-6fe6
6
vulnerability VCID-925s-414k-bybt
7
vulnerability VCID-dfpq-44kb-huew
8
vulnerability VCID-e5cm-rtss-bbfc
9
vulnerability VCID-fdhy-cw72-57cd
10
vulnerability VCID-gga8-ucqw-3bc7
11
vulnerability VCID-kdkn-2zrf-7ff1
12
vulnerability VCID-kuft-1mgp-u3ep
13
vulnerability VCID-m2ne-5zum-tqbn
14
vulnerability VCID-mz7z-tp7n-3qhd
15
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final
1
url pkg:maven/io.undertow/undertow-core@2.2.11.Final
purl pkg:maven/io.undertow/undertow-core@2.2.11.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-dfpq-44kb-huew
5
vulnerability VCID-fdhy-cw72-57cd
6
vulnerability VCID-gga8-ucqw-3bc7
7
vulnerability VCID-kdkn-2zrf-7ff1
8
vulnerability VCID-kuft-1mgp-u3ep
9
vulnerability VCID-m2ne-5zum-tqbn
10
vulnerability VCID-mz7z-tp7n-3qhd
11
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.11.Final
aliases CVE-2021-3629, GHSA-rf6q-vx79-mjxr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byes-xc7r-2fhs
11
url VCID-c491-1k44-4qfg
vulnerability_id VCID-c491-1k44-4qfg
summary undertow Race Condition vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3597
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37936
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3597
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1970930
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1970930
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://security.netapp.com/advisory/ntap-20220804-0003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220804-0003
5
reference_url https://security.netapp.com/advisory/ntap-20220804-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220804-0003/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
reference_id 989861
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3597
reference_id CVE-2021-3597
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3597
8
reference_url https://github.com/advisories/GHSA-mfhv-gwf8-4m88
reference_id GHSA-mfhv-gwf8-4m88
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfhv-gwf8-4m88
9
reference_url https://access.redhat.com/errata/RHSA-2021:3466
reference_id RHSA-2021:3466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3466
10
reference_url https://access.redhat.com/errata/RHSA-2021:3467
reference_id RHSA-2021:3467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3467
11
reference_url https://access.redhat.com/errata/RHSA-2021:3468
reference_id RHSA-2021:3468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3468
12
reference_url https://access.redhat.com/errata/RHSA-2021:3471
reference_id RHSA-2021:3471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3471
13
reference_url https://access.redhat.com/errata/RHSA-2021:3516
reference_id RHSA-2021:3516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3516
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
15
reference_url https://access.redhat.com/errata/RHSA-2021:3656
reference_id RHSA-2021:3656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3656
16
reference_url https://access.redhat.com/errata/RHSA-2021:3658
reference_id RHSA-2021:3658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3658
17
reference_url https://access.redhat.com/errata/RHSA-2021:3660
reference_id RHSA-2021:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3660
18
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
19
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.39.Final
purl pkg:maven/io.undertow/undertow-core@2.0.39.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cek-y62u-7qas
1
vulnerability VCID-4u9y-nd98-z7fr
2
vulnerability VCID-4yb5-81eu-qubq
3
vulnerability VCID-6bhd-zdh5-5qgz
4
vulnerability VCID-6dvp-ddvr-abh8
5
vulnerability VCID-7ejv-4mka-6fe6
6
vulnerability VCID-925s-414k-bybt
7
vulnerability VCID-byes-xc7r-2fhs
8
vulnerability VCID-dfpq-44kb-huew
9
vulnerability VCID-e5cm-rtss-bbfc
10
vulnerability VCID-fdhy-cw72-57cd
11
vulnerability VCID-gga8-ucqw-3bc7
12
vulnerability VCID-kdkn-2zrf-7ff1
13
vulnerability VCID-kuft-1mgp-u3ep
14
vulnerability VCID-m2ne-5zum-tqbn
15
vulnerability VCID-mz7z-tp7n-3qhd
16
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.39.Final
1
url pkg:maven/io.undertow/undertow-core@2.2.9.Final
purl pkg:maven/io.undertow/undertow-core@2.2.9.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-byes-xc7r-2fhs
5
vulnerability VCID-dfpq-44kb-huew
6
vulnerability VCID-fdhy-cw72-57cd
7
vulnerability VCID-gga8-ucqw-3bc7
8
vulnerability VCID-kdkn-2zrf-7ff1
9
vulnerability VCID-kuft-1mgp-u3ep
10
vulnerability VCID-m2ne-5zum-tqbn
11
vulnerability VCID-mz7z-tp7n-3qhd
12
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.9.Final
aliases CVE-2021-3597, GHSA-mfhv-gwf8-4m88
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c491-1k44-4qfg
12
url VCID-dfpq-44kb-huew
vulnerability_id VCID-dfpq-44kb-huew
summary A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1459
reference_id
reference_type
scores
0
value 0.10104
scoring_system epss
scoring_elements 0.93256
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1459
2
reference_url https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
3
reference_url https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
4
reference_url https://github.com/undertow-io/undertow/pull/1556
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1556
5
reference_url https://issues.redhat.com/browse/UNDERTOW-2339
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2339
6
reference_url https://security.netapp.com/advisory/ntap-20241122-0008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241122-0008
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
reference_id 1068816
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
22
reference_url https://access.redhat.com/security/cve/CVE-2024-1459
reference_id CVE-2024-1459
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/security/cve/CVE-2024-1459
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1459
reference_id CVE-2024-1459
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-1459
24
reference_url https://github.com/advisories/GHSA-v76w-3ph8-vm66
reference_id GHSA-v76w-3ph8-vm66
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v76w-3ph8-vm66
25
reference_url https://access.redhat.com/errata/RHSA-2024:1674
reference_id RHSA-2024:1674
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:1674
26
reference_url https://access.redhat.com/errata/RHSA-2024:1675
reference_id RHSA-2024:1675
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:1675
27
reference_url https://access.redhat.com/errata/RHSA-2024:1676
reference_id RHSA-2024:1676
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:1676
28
reference_url https://access.redhat.com/errata/RHSA-2024:2763
reference_id RHSA-2024:2763
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:2763
29
reference_url https://access.redhat.com/errata/RHSA-2024:2764
reference_id RHSA-2024:2764
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://access.redhat.com/errata/RHSA-2024:2764
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259475
reference_id show_bug.cgi?id=2259475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2259475
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.31.Final
purl pkg:maven/io.undertow/undertow-core@2.2.31.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-fdhy-cw72-57cd
2
vulnerability VCID-kdkn-2zrf-7ff1
3
vulnerability VCID-mz7z-tp7n-3qhd
4
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.31.Final
1
url pkg:maven/io.undertow/undertow-core@2.3.12.Final
purl pkg:maven/io.undertow/undertow-core@2.3.12.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-fdhy-cw72-57cd
2
vulnerability VCID-kdkn-2zrf-7ff1
3
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.12.Final
aliases CVE-2024-1459, GHSA-v76w-3ph8-vm66
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfpq-44kb-huew
13
url VCID-e5cm-rtss-bbfc
vulnerability_id VCID-e5cm-rtss-bbfc
summary A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10687
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.30964
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10687
2
reference_url https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10687
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10687
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0015
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0015
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0015/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0015/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1785049
reference_id 1785049
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1785049
7
reference_url https://github.com/advisories/GHSA-p9w3-gwc2-cr49
reference_id GHSA-p9w3-gwc2-cr49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9w3-gwc2-cr49
8
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
9
reference_url https://access.redhat.com/errata/RHSA-2020:3461
reference_id RHSA-2020:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3461
10
reference_url https://access.redhat.com/errata/RHSA-2020:3462
reference_id RHSA-2020:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3462
11
reference_url https://access.redhat.com/errata/RHSA-2020:3463
reference_id RHSA-2020:3463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3463
12
reference_url https://access.redhat.com/errata/RHSA-2020:3464
reference_id RHSA-2020:3464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3464
13
reference_url https://access.redhat.com/errata/RHSA-2020:3501
reference_id RHSA-2020:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3501
14
reference_url https://access.redhat.com/errata/RHSA-2020:3637
reference_id RHSA-2020:3637
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3637
15
reference_url https://access.redhat.com/errata/RHSA-2020:3638
reference_id RHSA-2020:3638
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3638
16
reference_url https://access.redhat.com/errata/RHSA-2020:3639
reference_id RHSA-2020:3639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3639
17
reference_url https://access.redhat.com/errata/RHSA-2020:3642
reference_id RHSA-2020:3642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3642
18
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
19
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
20
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
21
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.0.Final
purl pkg:maven/io.undertow/undertow-core@2.2.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-byes-xc7r-2fhs
5
vulnerability VCID-c491-1k44-4qfg
6
vulnerability VCID-dfpq-44kb-huew
7
vulnerability VCID-fdhy-cw72-57cd
8
vulnerability VCID-gga8-ucqw-3bc7
9
vulnerability VCID-kdkn-2zrf-7ff1
10
vulnerability VCID-kuft-1mgp-u3ep
11
vulnerability VCID-m2ne-5zum-tqbn
12
vulnerability VCID-mz7z-tp7n-3qhd
13
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final
aliases CVE-2020-10687, GHSA-p9w3-gwc2-cr49
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5cm-rtss-bbfc
14
url VCID-f7x7-afrc-uqcm
vulnerability_id VCID-f7x7-afrc-uqcm
summary Credential exposure through log files in Undertow
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2439
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2439
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68571
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0019
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0019/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0019/
7
reference_url http://www.securityfocus.com/bid/108739
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108739
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
reference_id 1693777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id 930349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
reference_id CVE-2019-3888
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
11
reference_url https://github.com/advisories/GHSA-jwgx-9mmh-684w
reference_id GHSA-jwgx-9mmh-684w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwgx-9mmh-684w
12
reference_url https://access.redhat.com/errata/RHSA-2019:1419
reference_id RHSA-2019:1419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1419
13
reference_url https://access.redhat.com/errata/RHSA-2019:1420
reference_id RHSA-2019:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1420
14
reference_url https://access.redhat.com/errata/RHSA-2019:1421
reference_id RHSA-2019:1421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1421
15
reference_url https://access.redhat.com/errata/RHSA-2019:1424
reference_id RHSA-2019:1424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1424
16
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id RHSA-2019:1456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1456
17
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id RHSA-2020:0727
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
18
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.21
purl pkg:maven/io.undertow/undertow-core@2.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21
1
url pkg:maven/io.undertow/undertow-core@2.0.21.Final
purl pkg:maven/io.undertow/undertow-core@2.0.21.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26ru-xpcj-7bcz
1
vulnerability VCID-3cek-y62u-7qas
2
vulnerability VCID-4u9y-nd98-z7fr
3
vulnerability VCID-4yb5-81eu-qubq
4
vulnerability VCID-6bhd-zdh5-5qgz
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-fdhy-cw72-57cd
13
vulnerability VCID-gga8-ucqw-3bc7
14
vulnerability VCID-kdkn-2zrf-7ff1
15
vulnerability VCID-kuft-1mgp-u3ep
16
vulnerability VCID-m2ne-5zum-tqbn
17
vulnerability VCID-mz7z-tp7n-3qhd
18
vulnerability VCID-u62g-ukw7-5uf2
19
vulnerability VCID-uymv-k8py-mfa9
20
vulnerability VCID-xdvz-febf-ybgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final
aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f7x7-afrc-uqcm
15
url VCID-fdhy-cw72-57cd
vulnerability_id VCID-fdhy-cw72-57cd
summary A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-9784
reference_id
reference_type
scores
0
value 0.02234
scoring_system epss
scoring_elements 0.84899
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-9784
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/pull/1802
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1802
4
reference_url https://github.com/undertow-io/undertow/pull/1803
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1803
5
reference_url https://github.com/undertow-io/undertow/pull/1804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1804
6
reference_url https://github.com/undertow-io/undertow/pull/1805
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1805
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-9784
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-9784
8
reference_url https://www.kb.cert.org/vuls/id/767506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/767506
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694
reference_id 1117694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694
10
reference_url https://github.com/undertow-io/undertow/pull/1778
reference_id 1778
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://github.com/undertow-io/undertow/pull/1778
11
reference_url https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
reference_id 2.2.38.Final
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
12
reference_url https://kb.cert.org/vuls/id/767506
reference_id 767506
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://kb.cert.org/vuls/id/767506
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.14
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
33
reference_url https://access.redhat.com/security/cve/CVE-2025-9784
reference_id CVE-2025-9784
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/security/cve/CVE-2025-9784
34
reference_url https://github.com/advisories/GHSA-95h4-w6j8-2rp8
reference_id GHSA-95h4-w6j8-2rp8
reference_type
scores
url https://github.com/advisories/GHSA-95h4-w6j8-2rp8
35
reference_url https://access.redhat.com/errata/RHSA-2025:23143
reference_id RHSA-2025:23143
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2025:23143
36
reference_url https://access.redhat.com/errata/RHSA-2026:0383
reference_id RHSA-2026:0383
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:0383
37
reference_url https://access.redhat.com/errata/RHSA-2026:0384
reference_id RHSA-2026:0384
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:0384
38
reference_url https://access.redhat.com/errata/RHSA-2026:0386
reference_id RHSA-2026:0386
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:0386
39
reference_url https://access.redhat.com/errata/RHSA-2026:3889
reference_id RHSA-2026:3889
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:3889
40
reference_url https://access.redhat.com/errata/RHSA-2026:3891
reference_id RHSA-2026:3891
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:3891
41
reference_url https://access.redhat.com/errata/RHSA-2026:3892
reference_id RHSA-2026:3892
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:3892
42
reference_url https://access.redhat.com/errata/RHSA-2026:4915
reference_id RHSA-2026:4915
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4915
43
reference_url https://access.redhat.com/errata/RHSA-2026:4916
reference_id RHSA-2026:4916
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4916
44
reference_url https://access.redhat.com/errata/RHSA-2026:4917
reference_id RHSA-2026:4917
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4917
45
reference_url https://access.redhat.com/errata/RHSA-2026:4924
reference_id RHSA-2026:4924
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://access.redhat.com/errata/RHSA-2026:4924
46
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392306
reference_id show_bug.cgi?id=2392306
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2392306
47
reference_url https://issues.redhat.com/browse/UNDERTOW-2598
reference_id UNDERTOW-2598
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/
url https://issues.redhat.com/browse/UNDERTOW-2598
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.38.Final
purl pkg:maven/io.undertow/undertow-core@2.2.38.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kdkn-2zrf-7ff1
1
vulnerability VCID-mz7z-tp7n-3qhd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.38.Final
1
url pkg:maven/io.undertow/undertow-core@2.3.20.Final
purl pkg:maven/io.undertow/undertow-core@2.3.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kdkn-2zrf-7ff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.20.Final
aliases CVE-2025-9784, GHSA-95h4-w6j8-2rp8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdhy-cw72-57cd
16
url VCID-gga8-ucqw-3bc7
vulnerability_id VCID-gga8-ucqw-3bc7
summary A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1319
reference_id
reference_type
scores
0
value 0.00606
scoring_system epss
scoring_elements 0.70139
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1319
2
reference_url https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
3
reference_url https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
4
reference_url https://issues.redhat.com/browse/UNDERTOW-2060
reference_id
reference_type
scores
url https://issues.redhat.com/browse/UNDERTOW-2060
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id 1016448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073890
reference_id 2073890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2073890
7
reference_url https://access.redhat.com/security/cve/CVE-2022-1319
reference_id CVE-2022-1319
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2022-1319
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1319
reference_id CVE-2022-1319
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1319
9
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
10
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
11
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
12
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
13
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
14
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
15
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
16
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
17
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
18
reference_url https://access.redhat.com/errata/RHSA-2025:4226
reference_id RHSA-2025:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4226
19
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9583
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.17.Final
purl pkg:maven/io.undertow/undertow-core@2.2.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-dfpq-44kb-huew
5
vulnerability VCID-fdhy-cw72-57cd
6
vulnerability VCID-kdkn-2zrf-7ff1
7
vulnerability VCID-kuft-1mgp-u3ep
8
vulnerability VCID-m2ne-5zum-tqbn
9
vulnerability VCID-mz7z-tp7n-3qhd
10
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17.Final
1
url pkg:maven/io.undertow/undertow-core@2.2.20.Final
purl pkg:maven/io.undertow/undertow-core@2.2.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-kuft-1mgp-u3ep
5
vulnerability VCID-m2ne-5zum-tqbn
6
vulnerability VCID-mz7z-tp7n-3qhd
7
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final
2
url pkg:maven/io.undertow/undertow-core@2.3.1.Final
purl pkg:maven/io.undertow/undertow-core@2.3.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-m2ne-5zum-tqbn
5
vulnerability VCID-mz7z-tp7n-3qhd
6
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final
aliases CVE-2022-1319
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gga8-ucqw-3bc7
17
url VCID-ghz9-w5n1-zkdq
vulnerability_id VCID-ghz9-w5n1-zkdq
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.7263
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
5
reference_url https://bugs.openjdk.java.net/browse/JDK-6956385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.openjdk.java.net/browse/JDK-6956385
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
7
reference_url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
8
reference_url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
9
reference_url https://issues.jboss.org/browse/UNDERTOW-1338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1338
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1573045
reference_id 1573045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1573045
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
reference_id 897247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
reference_id CVE-2018-1114
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
13
reference_url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
reference_id GHSA-gjjx-gqm4-wcgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-f7x7-afrc-uqcm
13
vulnerability VCID-fdhy-cw72-57cd
14
vulnerability VCID-gga8-ucqw-3bc7
15
vulnerability VCID-ghz9-w5n1-zkdq
16
vulnerability VCID-kdkn-2zrf-7ff1
17
vulnerability VCID-kuft-1mgp-u3ep
18
vulnerability VCID-m2ne-5zum-tqbn
19
vulnerability VCID-m4a2-8fwt-bbb8
20
vulnerability VCID-mz7z-tp7n-3qhd
21
vulnerability VCID-sg32-tewt-ckan
22
vulnerability VCID-u62g-ukw7-5uf2
23
vulnerability VCID-uymv-k8py-mfa9
24
vulnerability VCID-xdvz-febf-ybgz
25
vulnerability VCID-yes8-5q2e-4bg1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6bhd-zdh5-5qgz
6
vulnerability VCID-6dvp-ddvr-abh8
7
vulnerability VCID-7ejv-4mka-6fe6
8
vulnerability VCID-925s-414k-bybt
9
vulnerability VCID-byes-xc7r-2fhs
10
vulnerability VCID-c491-1k44-4qfg
11
vulnerability VCID-dfpq-44kb-huew
12
vulnerability VCID-e5cm-rtss-bbfc
13
vulnerability VCID-f7x7-afrc-uqcm
14
vulnerability VCID-fdhy-cw72-57cd
15
vulnerability VCID-gga8-ucqw-3bc7
16
vulnerability VCID-kdkn-2zrf-7ff1
17
vulnerability VCID-kuft-1mgp-u3ep
18
vulnerability VCID-m2ne-5zum-tqbn
19
vulnerability VCID-mz7z-tp7n-3qhd
20
vulnerability VCID-sg32-tewt-ckan
21
vulnerability VCID-u62g-ukw7-5uf2
22
vulnerability VCID-uymv-k8py-mfa9
23
vulnerability VCID-xdvz-febf-ybgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
2
url pkg:maven/io.undertow/undertow-core@2.0.5
purl pkg:maven/io.undertow/undertow-core@2.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5
aliases CVE-2018-1114, GHSA-gjjx-gqm4-wcgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghz9-w5n1-zkdq
18
url VCID-jfsy-sgsq-qybs
vulnerability_id VCID-jfsy-sgsq-qybs
summary Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7816
reference_id
reference_type
scores
0
value 0.55155
scoring_system epss
scoring_elements 0.98103
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7816
2
reference_url http://seclists.org/oss-sec/2014/q4/830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/830
3
reference_url https://issues.jboss.org/browse/UNDERTOW-338
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-338
4
reference_url https://issues.jboss.org/browse/WFLY-4020
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/WFLY-4020
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7816
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7816
6
reference_url http://www.securityfocus.com/bid/71328
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/71328
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1157478
reference_id 1157478
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1157478
8
reference_url https://bugzilla.redhat.com/CVE-2014-7816
reference_id CVE-2014-7816
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-7816
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.0.17
purl pkg:maven/io.undertow/undertow-core@1.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.17
1
url pkg:maven/io.undertow/undertow-core@1.0.17.Final
purl pkg:maven/io.undertow/undertow-core@1.0.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-45bm-ykfp-dugb
4
vulnerability VCID-4u9y-nd98-z7fr
5
vulnerability VCID-4yb5-81eu-qubq
6
vulnerability VCID-5age-ykyt-ryex
7
vulnerability VCID-5yva-1hua-a3af
8
vulnerability VCID-6dvp-ddvr-abh8
9
vulnerability VCID-7ejv-4mka-6fe6
10
vulnerability VCID-925s-414k-bybt
11
vulnerability VCID-b827-wz12-qye3
12
vulnerability VCID-byes-xc7r-2fhs
13
vulnerability VCID-c491-1k44-4qfg
14
vulnerability VCID-dfpq-44kb-huew
15
vulnerability VCID-e5cm-rtss-bbfc
16
vulnerability VCID-f7x7-afrc-uqcm
17
vulnerability VCID-fdhy-cw72-57cd
18
vulnerability VCID-gga8-ucqw-3bc7
19
vulnerability VCID-ghz9-w5n1-zkdq
20
vulnerability VCID-kdkn-2zrf-7ff1
21
vulnerability VCID-kuft-1mgp-u3ep
22
vulnerability VCID-m2ne-5zum-tqbn
23
vulnerability VCID-m4a2-8fwt-bbb8
24
vulnerability VCID-mz7z-tp7n-3qhd
25
vulnerability VCID-sg32-tewt-ckan
26
vulnerability VCID-u62g-ukw7-5uf2
27
vulnerability VCID-uymv-k8py-mfa9
28
vulnerability VCID-xdvz-febf-ybgz
29
vulnerability VCID-y5uu-3hgq-6ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.17.Final
2
url pkg:maven/io.undertow/undertow-core@1.1.0.CR5
purl pkg:maven/io.undertow/undertow-core@1.1.0.CR5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-45bm-ykfp-dugb
4
vulnerability VCID-4u9y-nd98-z7fr
5
vulnerability VCID-4yb5-81eu-qubq
6
vulnerability VCID-5age-ykyt-ryex
7
vulnerability VCID-5yva-1hua-a3af
8
vulnerability VCID-6dvp-ddvr-abh8
9
vulnerability VCID-7ejv-4mka-6fe6
10
vulnerability VCID-925s-414k-bybt
11
vulnerability VCID-b827-wz12-qye3
12
vulnerability VCID-byes-xc7r-2fhs
13
vulnerability VCID-c491-1k44-4qfg
14
vulnerability VCID-dfpq-44kb-huew
15
vulnerability VCID-e5cm-rtss-bbfc
16
vulnerability VCID-f7x7-afrc-uqcm
17
vulnerability VCID-fdhy-cw72-57cd
18
vulnerability VCID-gga8-ucqw-3bc7
19
vulnerability VCID-ghz9-w5n1-zkdq
20
vulnerability VCID-kdkn-2zrf-7ff1
21
vulnerability VCID-kuft-1mgp-u3ep
22
vulnerability VCID-m2ne-5zum-tqbn
23
vulnerability VCID-m4a2-8fwt-bbb8
24
vulnerability VCID-mz7z-tp7n-3qhd
25
vulnerability VCID-sg32-tewt-ckan
26
vulnerability VCID-u62g-ukw7-5uf2
27
vulnerability VCID-uymv-k8py-mfa9
28
vulnerability VCID-xdvz-febf-ybgz
29
vulnerability VCID-y5uu-3hgq-6ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.1.0.CR5
3
url pkg:maven/io.undertow/undertow-core@1.2.0.Beta3
purl pkg:maven/io.undertow/undertow-core@1.2.0.Beta3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-45bm-ykfp-dugb
4
vulnerability VCID-4u9y-nd98-z7fr
5
vulnerability VCID-4yb5-81eu-qubq
6
vulnerability VCID-5age-ykyt-ryex
7
vulnerability VCID-5yva-1hua-a3af
8
vulnerability VCID-6dvp-ddvr-abh8
9
vulnerability VCID-7ejv-4mka-6fe6
10
vulnerability VCID-925s-414k-bybt
11
vulnerability VCID-b827-wz12-qye3
12
vulnerability VCID-byes-xc7r-2fhs
13
vulnerability VCID-c491-1k44-4qfg
14
vulnerability VCID-dfpq-44kb-huew
15
vulnerability VCID-e5cm-rtss-bbfc
16
vulnerability VCID-f7x7-afrc-uqcm
17
vulnerability VCID-fdhy-cw72-57cd
18
vulnerability VCID-gga8-ucqw-3bc7
19
vulnerability VCID-ghz9-w5n1-zkdq
20
vulnerability VCID-kdkn-2zrf-7ff1
21
vulnerability VCID-kuft-1mgp-u3ep
22
vulnerability VCID-m2ne-5zum-tqbn
23
vulnerability VCID-m4a2-8fwt-bbb8
24
vulnerability VCID-mz7z-tp7n-3qhd
25
vulnerability VCID-sg32-tewt-ckan
26
vulnerability VCID-u62g-ukw7-5uf2
27
vulnerability VCID-uymv-k8py-mfa9
28
vulnerability VCID-xdvz-febf-ybgz
29
vulnerability VCID-y5uu-3hgq-6ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.2.0.Beta3
aliases CVE-2014-7816, GHSA-h6p6-fc4w-cqhx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfsy-sgsq-qybs
19
url VCID-kdkn-2zrf-7ff1
vulnerability_id VCID-kdkn-2zrf-7ff1
summary A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3260
reference_id
reference_type
scores
0
value 0.00494
scoring_system epss
scoring_elements 0.66166
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3260
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3260
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3260
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134949
reference_id 1134949
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134949
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
reference_id cpe:/a:redhat:camel_spring_boot:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
18
reference_url https://access.redhat.com/security/cve/CVE-2026-3260
reference_id CVE-2026-3260
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:31:14Z/
url https://access.redhat.com/security/cve/CVE-2026-3260
19
reference_url https://github.com/advisories/GHSA-3x3v-w654-m28m
reference_id GHSA-3x3v-w654-m28m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x3v-w654-m28m
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443010
reference_id show_bug.cgi?id=2443010
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:31:14Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443010
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.4.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.4.0.Beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.4.0.Beta1
aliases CVE-2026-3260, GHSA-3x3v-w654-m28m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkn-2zrf-7ff1
20
url VCID-kuft-1mgp-u3ep
vulnerability_id VCID-kuft-1mgp-u3ep
summary A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3223
reference_id
reference_type
scores
0
value 0.00649
scoring_system epss
scoring_elements 0.71291
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3223
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3223
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3223
4
reference_url https://security.netapp.com/advisory/ntap-20231027-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231027-0004
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893
reference_id 1054893
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13
reference_id cpe:/a:redhat:openstack-optools:13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.5
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
27
reference_url https://access.redhat.com/security/cve/CVE-2023-3223
reference_id CVE-2023-3223
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/security/cve/CVE-2023-3223
28
reference_url https://github.com/advisories/GHSA-65h2-wf7m-q2v8
reference_id GHSA-65h2-wf7m-q2v8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65h2-wf7m-q2v8
29
reference_url https://security.netapp.com/advisory/ntap-20231027-0004/
reference_id ntap-20231027-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://security.netapp.com/advisory/ntap-20231027-0004/
30
reference_url https://access.redhat.com/errata/RHSA-2023:4505
reference_id RHSA-2023:4505
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4505
31
reference_url https://access.redhat.com/errata/RHSA-2023:4506
reference_id RHSA-2023:4506
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4506
32
reference_url https://access.redhat.com/errata/RHSA-2023:4507
reference_id RHSA-2023:4507
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4507
33
reference_url https://access.redhat.com/errata/RHSA-2023:4509
reference_id RHSA-2023:4509
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4509
34
reference_url https://access.redhat.com/errata/RHSA-2023:4918
reference_id RHSA-2023:4918
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4918
35
reference_url https://access.redhat.com/errata/RHSA-2023:4919
reference_id RHSA-2023:4919
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4919
36
reference_url https://access.redhat.com/errata/RHSA-2023:4920
reference_id RHSA-2023:4920
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4920
37
reference_url https://access.redhat.com/errata/RHSA-2023:4921
reference_id RHSA-2023:4921
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4921
38
reference_url https://access.redhat.com/errata/RHSA-2023:4924
reference_id RHSA-2023:4924
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:4924
39
reference_url https://access.redhat.com/errata/RHSA-2023:7247
reference_id RHSA-2023:7247
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://access.redhat.com/errata/RHSA-2023:7247
40
reference_url https://access.redhat.com/errata/RHSA-2024:3354
reference_id RHSA-2024:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3354
41
reference_url https://access.redhat.com/errata/RHSA-2025:4226
reference_id RHSA-2025:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4226
42
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9583
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209689
reference_id show_bug.cgi?id=2209689
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2209689
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.24.Final
purl pkg:maven/io.undertow/undertow-core@2.2.24.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-mz7z-tp7n-3qhd
5
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final
aliases CVE-2023-3223, GHSA-65h2-wf7m-q2v8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuft-1mgp-u3ep
21
url VCID-m2ne-5zum-tqbn
vulnerability_id VCID-m2ne-5zum-tqbn
summary A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1108
reference_id
reference_type
scores
0
value 0.00567
scoring_system epss
scoring_elements 0.68978
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1108
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
4
reference_url https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
5
reference_url https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
6
reference_url https://github.com/undertow-io/undertow/pull/1457
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1108
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1108
8
reference_url https://security.netapp.com/advisory/ntap-20231020-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231020-0002
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
reference_id 1033253
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id cpe:/a:redhat:openstack:13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
31
reference_url https://access.redhat.com/security/cve/CVE-2023-1108
reference_id CVE-2023-1108
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/security/cve/CVE-2023-1108
32
reference_url https://github.com/advisories/GHSA-m4mm-pg93-fv78
reference_id GHSA-m4mm-pg93-fv78
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://github.com/advisories/GHSA-m4mm-pg93-fv78
33
reference_url https://security.netapp.com/advisory/ntap-20231020-0002/
reference_id ntap-20231020-0002
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://security.netapp.com/advisory/ntap-20231020-0002/
34
reference_url https://access.redhat.com/errata/RHSA-2023:1184
reference_id RHSA-2023:1184
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1184
35
reference_url https://access.redhat.com/errata/RHSA-2023:1185
reference_id RHSA-2023:1185
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1185
36
reference_url https://access.redhat.com/errata/RHSA-2023:1512
reference_id RHSA-2023:1512
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1512
37
reference_url https://access.redhat.com/errata/RHSA-2023:1513
reference_id RHSA-2023:1513
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1513
38
reference_url https://access.redhat.com/errata/RHSA-2023:1514
reference_id RHSA-2023:1514
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1514
39
reference_url https://access.redhat.com/errata/RHSA-2023:1516
reference_id RHSA-2023:1516
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1516
40
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id RHSA-2023:2135
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:2135
41
reference_url https://access.redhat.com/errata/RHSA-2023:3883
reference_id RHSA-2023:3883
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3883
42
reference_url https://access.redhat.com/errata/RHSA-2023:3884
reference_id RHSA-2023:3884
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3884
43
reference_url https://access.redhat.com/errata/RHSA-2023:3885
reference_id RHSA-2023:3885
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3885
44
reference_url https://access.redhat.com/errata/RHSA-2023:3888
reference_id RHSA-2023:3888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3888
45
reference_url https://access.redhat.com/errata/RHSA-2023:3892
reference_id RHSA-2023:3892
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3892
46
reference_url https://access.redhat.com/errata/RHSA-2023:3954
reference_id RHSA-2023:3954
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3954
47
reference_url https://access.redhat.com/errata/RHSA-2023:4612
reference_id RHSA-2023:4612
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:4612
48
reference_url https://access.redhat.com/errata/RHSA-2025:4226
reference_id RHSA-2025:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4226
49
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9583
50
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174246
reference_id show_bug.cgi?id=2174246
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2174246
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.24.Final
purl pkg:maven/io.undertow/undertow-core@2.2.24.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-mz7z-tp7n-3qhd
5
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final
1
url pkg:maven/io.undertow/undertow-core@2.3.5.Final
purl pkg:maven/io.undertow/undertow-core@2.3.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-mz7z-tp7n-3qhd
5
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final
aliases CVE-2023-1108, GHSA-m4mm-pg93-fv78
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ne-5zum-tqbn
22
url VCID-m4a2-8fwt-bbb8
vulnerability_id VCID-m4a2-8fwt-bbb8
summary Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.6686
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
3
reference_url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
reference_id 891928
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
reference_id CVE-2018-1048
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
6
reference_url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
reference_id GHSA-prfw-3qx6-g9xr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
7
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id RHSA-2018:0478
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
8
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id RHSA-2018:0479
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
9
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id RHSA-2018:0480
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
10
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id RHSA-2018:0481
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-5age-ykyt-ryex
6
vulnerability VCID-6dvp-ddvr-abh8
7
vulnerability VCID-7ejv-4mka-6fe6
8
vulnerability VCID-925s-414k-bybt
9
vulnerability VCID-byes-xc7r-2fhs
10
vulnerability VCID-c491-1k44-4qfg
11
vulnerability VCID-dfpq-44kb-huew
12
vulnerability VCID-e5cm-rtss-bbfc
13
vulnerability VCID-f7x7-afrc-uqcm
14
vulnerability VCID-fdhy-cw72-57cd
15
vulnerability VCID-gga8-ucqw-3bc7
16
vulnerability VCID-ghz9-w5n1-zkdq
17
vulnerability VCID-kdkn-2zrf-7ff1
18
vulnerability VCID-kuft-1mgp-u3ep
19
vulnerability VCID-m2ne-5zum-tqbn
20
vulnerability VCID-mz7z-tp7n-3qhd
21
vulnerability VCID-sg32-tewt-ckan
22
vulnerability VCID-u62g-ukw7-5uf2
23
vulnerability VCID-uymv-k8py-mfa9
24
vulnerability VCID-xdvz-febf-ybgz
25
vulnerability VCID-yes8-5q2e-4bg1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
aliases CVE-2018-1048, GHSA-prfw-3qx6-g9xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4a2-8fwt-bbb8
23
url VCID-mz7z-tp7n-3qhd
vulnerability_id VCID-mz7z-tp7n-3qhd
summary A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5379
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36854
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5379
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055
reference_id 1059055
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://access.redhat.com/security/cve/CVE-2023-5379
reference_id CVE-2023-5379
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/
url https://access.redhat.com/security/cve/CVE-2023-5379
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5379
reference_id CVE-2023-5379
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5379
17
reference_url https://access.redhat.com/errata/RHSA-2025:9582
reference_id RHSA-2025:9582
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/
url https://access.redhat.com/errata/RHSA-2025:9582
18
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/
url https://access.redhat.com/errata/RHSA-2025:9583
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242099
reference_id show_bug.cgi?id=2242099
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2242099
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.3.11.Final
purl pkg:maven/io.undertow/undertow-core@2.3.11.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-dfpq-44kb-huew
2
vulnerability VCID-fdhy-cw72-57cd
3
vulnerability VCID-kdkn-2zrf-7ff1
4
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.11.Final
aliases CVE-2023-5379
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mz7z-tp7n-3qhd
24
url VCID-sg32-tewt-ckan
vulnerability_id VCID-sg32-tewt-ckan
summary Potential to access user credentials from the log files when debug logging enabled
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63974
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0017
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0017/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0017/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1731984
reference_id 1731984
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1731984
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
reference_id CVE-2019-10212
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
8
reference_url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
reference_id GHSA-8vh8-vc28-m2hf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
9
reference_url https://access.redhat.com/errata/RHSA-2019:2935
reference_id RHSA-2019:2935
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2935
10
reference_url https://access.redhat.com/errata/RHSA-2019:2936
reference_id RHSA-2019:2936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2936
11
reference_url https://access.redhat.com/errata/RHSA-2019:2937
reference_id RHSA-2019:2937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2937
12
reference_url https://access.redhat.com/errata/RHSA-2019:2938
reference_id RHSA-2019:2938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2938
13
reference_url https://access.redhat.com/errata/RHSA-2019:3050
reference_id RHSA-2019:3050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3050
14
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id RHSA-2020:0727
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.20
purl pkg:maven/io.undertow/undertow-core@2.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20
1
url pkg:maven/io.undertow/undertow-core@2.0.20.Final
purl pkg:maven/io.undertow/undertow-core@2.0.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26ru-xpcj-7bcz
1
vulnerability VCID-3cek-y62u-7qas
2
vulnerability VCID-4u9y-nd98-z7fr
3
vulnerability VCID-4yb5-81eu-qubq
4
vulnerability VCID-6bhd-zdh5-5qgz
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-f7x7-afrc-uqcm
13
vulnerability VCID-fdhy-cw72-57cd
14
vulnerability VCID-gga8-ucqw-3bc7
15
vulnerability VCID-kdkn-2zrf-7ff1
16
vulnerability VCID-kuft-1mgp-u3ep
17
vulnerability VCID-m2ne-5zum-tqbn
18
vulnerability VCID-mz7z-tp7n-3qhd
19
vulnerability VCID-u62g-ukw7-5uf2
20
vulnerability VCID-uymv-k8py-mfa9
21
vulnerability VCID-xdvz-febf-ybgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final
aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg32-tewt-ckan
25
url VCID-u62g-ukw7-5uf2
vulnerability_id VCID-u62g-ukw7-5uf2
summary A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1973
reference_id
reference_type
scores
0
value 0.00727
scoring_system epss
scoring_elements 0.7308
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1973
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
4
reference_url https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1973
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
reference_id 1068815
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
14
reference_url https://access.redhat.com/security/cve/CVE-2023-1973
reference_id CVE-2023-1973
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/security/cve/CVE-2023-1973
15
reference_url https://github.com/advisories/GHSA-97cq-f4jm-mv8h
reference_id GHSA-97cq-f4jm-mv8h
reference_type
scores
url https://github.com/advisories/GHSA-97cq-f4jm-mv8h
16
reference_url https://access.redhat.com/errata/RHSA-2024:1674
reference_id RHSA-2024:1674
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1674
17
reference_url https://access.redhat.com/errata/RHSA-2024:1675
reference_id RHSA-2024:1675
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1675
18
reference_url https://access.redhat.com/errata/RHSA-2024:1676
reference_id RHSA-2024:1676
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1676
19
reference_url https://access.redhat.com/errata/RHSA-2024:1677
reference_id RHSA-2024:1677
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:1677
20
reference_url https://access.redhat.com/errata/RHSA-2024:2763
reference_id RHSA-2024:2763
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:2763
21
reference_url https://access.redhat.com/errata/RHSA-2024:2764
reference_id RHSA-2024:2764
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://access.redhat.com/errata/RHSA-2024:2764
22
reference_url https://access.redhat.com/errata/RHSA-2025:4226
reference_id RHSA-2025:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4226
23
reference_url https://access.redhat.com/errata/RHSA-2025:9583
reference_id RHSA-2025:9583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9583
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2185662
reference_id show_bug.cgi?id=2185662
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2185662
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.32.Final
purl pkg:maven/io.undertow/undertow-core@2.2.32.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-fdhy-cw72-57cd
2
vulnerability VCID-kdkn-2zrf-7ff1
3
vulnerability VCID-mz7z-tp7n-3qhd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.32.Final
1
url pkg:maven/io.undertow/undertow-core@2.3.13.Final
purl pkg:maven/io.undertow/undertow-core@2.3.13.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-fdhy-cw72-57cd
2
vulnerability VCID-kdkn-2zrf-7ff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.13.Final
aliases CVE-2023-1973, GHSA-97cq-f4jm-mv8h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u62g-ukw7-5uf2
26
url VCID-uymv-k8py-mfa9
vulnerability_id VCID-uymv-k8py-mfa9
summary A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39701
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
2
reference_url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0013
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0013
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0013/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
reference_id 1923133
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
7
reference_url https://github.com/advisories/GHSA-qjwc-v72v-fq6r
reference_id GHSA-qjwc-v72v-fq6r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjwc-v72v-fq6r
8
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
9
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
10
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
11
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
12
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
13
reference_url https://access.redhat.com/errata/RHSA-2021:2210
reference_id RHSA-2021:2210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2210
14
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.34
purl pkg:maven/io.undertow/undertow-core@2.0.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34
1
url pkg:maven/io.undertow/undertow-core@2.0.34.Final
purl pkg:maven/io.undertow/undertow-core@2.0.34.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cek-y62u-7qas
1
vulnerability VCID-4u9y-nd98-z7fr
2
vulnerability VCID-4yb5-81eu-qubq
3
vulnerability VCID-6bhd-zdh5-5qgz
4
vulnerability VCID-6dvp-ddvr-abh8
5
vulnerability VCID-7ejv-4mka-6fe6
6
vulnerability VCID-925s-414k-bybt
7
vulnerability VCID-byes-xc7r-2fhs
8
vulnerability VCID-c491-1k44-4qfg
9
vulnerability VCID-dfpq-44kb-huew
10
vulnerability VCID-e5cm-rtss-bbfc
11
vulnerability VCID-fdhy-cw72-57cd
12
vulnerability VCID-gga8-ucqw-3bc7
13
vulnerability VCID-kdkn-2zrf-7ff1
14
vulnerability VCID-kuft-1mgp-u3ep
15
vulnerability VCID-m2ne-5zum-tqbn
16
vulnerability VCID-mz7z-tp7n-3qhd
17
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final
2
url pkg:maven/io.undertow/undertow-core@2.1.6
purl pkg:maven/io.undertow/undertow-core@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6
3
url pkg:maven/io.undertow/undertow-core@2.1.6.Final
purl pkg:maven/io.undertow/undertow-core@2.1.6.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9y-nd98-z7fr
1
vulnerability VCID-6bhd-zdh5-5qgz
2
vulnerability VCID-6dvp-ddvr-abh8
3
vulnerability VCID-7ejv-4mka-6fe6
4
vulnerability VCID-byes-xc7r-2fhs
5
vulnerability VCID-c491-1k44-4qfg
6
vulnerability VCID-dfpq-44kb-huew
7
vulnerability VCID-e5cm-rtss-bbfc
8
vulnerability VCID-fdhy-cw72-57cd
9
vulnerability VCID-gga8-ucqw-3bc7
10
vulnerability VCID-kdkn-2zrf-7ff1
11
vulnerability VCID-kuft-1mgp-u3ep
12
vulnerability VCID-m2ne-5zum-tqbn
13
vulnerability VCID-mz7z-tp7n-3qhd
14
vulnerability VCID-u62g-ukw7-5uf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final
aliases CVE-2021-20220, GHSA-qjwc-v72v-fq6r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uymv-k8py-mfa9
27
url VCID-xdvz-febf-ybgz
vulnerability_id VCID-xdvz-febf-ybgz
summary A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
reference_id
reference_type
scores
0
value 0.00636
scoring_system epss
scoring_elements 0.70903
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
3
reference_url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
5
reference_url https://www.cnvd.org.cn/webinfo/show/5415
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cnvd.org.cn/webinfo/show/5415
6
reference_url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1807305
reference_id 1807305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1807305
8
reference_url https://access.redhat.com/errata/RHSA-2020:0812
reference_id RHSA-2020:0812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0812
9
reference_url https://access.redhat.com/errata/RHSA-2020:0813
reference_id RHSA-2020:0813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0813
10
reference_url https://access.redhat.com/errata/RHSA-2020:0952
reference_id RHSA-2020:0952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0952
11
reference_url https://access.redhat.com/errata/RHSA-2020:0961
reference_id RHSA-2020:0961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0961
12
reference_url https://access.redhat.com/errata/RHSA-2020:0962
reference_id RHSA-2020:0962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0962
13
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
14
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
15
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
16
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
17
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
18
reference_url https://access.redhat.com/errata/RHSA-2020:2367
reference_id RHSA-2020:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2367
19
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
20
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
21
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
22
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
23
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
24
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
25
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
26
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.30
purl pkg:maven/io.undertow/undertow-core@2.0.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30
1
url pkg:maven/io.undertow/undertow-core@2.0.30.Final
purl pkg:maven/io.undertow/undertow-core@2.0.30.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cek-y62u-7qas
1
vulnerability VCID-4u9y-nd98-z7fr
2
vulnerability VCID-4yb5-81eu-qubq
3
vulnerability VCID-6bhd-zdh5-5qgz
4
vulnerability VCID-6dvp-ddvr-abh8
5
vulnerability VCID-7ejv-4mka-6fe6
6
vulnerability VCID-925s-414k-bybt
7
vulnerability VCID-byes-xc7r-2fhs
8
vulnerability VCID-c491-1k44-4qfg
9
vulnerability VCID-dfpq-44kb-huew
10
vulnerability VCID-e5cm-rtss-bbfc
11
vulnerability VCID-fdhy-cw72-57cd
12
vulnerability VCID-gga8-ucqw-3bc7
13
vulnerability VCID-kdkn-2zrf-7ff1
14
vulnerability VCID-kuft-1mgp-u3ep
15
vulnerability VCID-m2ne-5zum-tqbn
16
vulnerability VCID-mz7z-tp7n-3qhd
17
vulnerability VCID-u62g-ukw7-5uf2
18
vulnerability VCID-uymv-k8py-mfa9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final
aliases CVE-2020-1745, GHSA-gv2w-88hx-8m9r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdvz-febf-ybgz
28
url VCID-y5uu-3hgq-6ud1
vulnerability_id VCID-y5uu-3hgq-6ud1
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1247
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1247
1
reference_url https://access.redhat.com/errata/RHSA-2018:1248
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1248
2
reference_url https://access.redhat.com/errata/RHSA-2018:1249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1249
3
reference_url https://access.redhat.com/errata/RHSA-2018:1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1251
4
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
5
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70685
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
9
reference_url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
10
reference_url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1550671
reference_id 1550671
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1550671
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
reference_id 900323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
reference_id CVE-2018-1067
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
14
reference_url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
reference_id GHSA-47mp-rq2x-wjf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
15
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6dvp-ddvr-abh8
6
vulnerability VCID-7ejv-4mka-6fe6
7
vulnerability VCID-925s-414k-bybt
8
vulnerability VCID-byes-xc7r-2fhs
9
vulnerability VCID-c491-1k44-4qfg
10
vulnerability VCID-dfpq-44kb-huew
11
vulnerability VCID-e5cm-rtss-bbfc
12
vulnerability VCID-f7x7-afrc-uqcm
13
vulnerability VCID-fdhy-cw72-57cd
14
vulnerability VCID-gga8-ucqw-3bc7
15
vulnerability VCID-ghz9-w5n1-zkdq
16
vulnerability VCID-kdkn-2zrf-7ff1
17
vulnerability VCID-kuft-1mgp-u3ep
18
vulnerability VCID-m2ne-5zum-tqbn
19
vulnerability VCID-m4a2-8fwt-bbb8
20
vulnerability VCID-mz7z-tp7n-3qhd
21
vulnerability VCID-sg32-tewt-ckan
22
vulnerability VCID-u62g-ukw7-5uf2
23
vulnerability VCID-uymv-k8py-mfa9
24
vulnerability VCID-xdvz-febf-ybgz
25
vulnerability VCID-yes8-5q2e-4bg1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nxp-wx8c-a7gx
1
vulnerability VCID-26ru-xpcj-7bcz
2
vulnerability VCID-3cek-y62u-7qas
3
vulnerability VCID-4u9y-nd98-z7fr
4
vulnerability VCID-4yb5-81eu-qubq
5
vulnerability VCID-6bhd-zdh5-5qgz
6
vulnerability VCID-6dvp-ddvr-abh8
7
vulnerability VCID-7ejv-4mka-6fe6
8
vulnerability VCID-925s-414k-bybt
9
vulnerability VCID-byes-xc7r-2fhs
10
vulnerability VCID-c491-1k44-4qfg
11
vulnerability VCID-dfpq-44kb-huew
12
vulnerability VCID-e5cm-rtss-bbfc
13
vulnerability VCID-f7x7-afrc-uqcm
14
vulnerability VCID-fdhy-cw72-57cd
15
vulnerability VCID-gga8-ucqw-3bc7
16
vulnerability VCID-kdkn-2zrf-7ff1
17
vulnerability VCID-kuft-1mgp-u3ep
18
vulnerability VCID-m2ne-5zum-tqbn
19
vulnerability VCID-mz7z-tp7n-3qhd
20
vulnerability VCID-sg32-tewt-ckan
21
vulnerability VCID-u62g-ukw7-5uf2
22
vulnerability VCID-uymv-k8py-mfa9
23
vulnerability VCID-xdvz-febf-ybgz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
aliases CVE-2018-1067, GHSA-47mp-rq2x-wjf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uu-3hgq-6ud1
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.0.Alpha9