Search for packages
| purl | pkg:maven/io.undertow/undertow-core@2.0.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-67vd-ggxw-aaaj
Aliases: CVE-2016-4993 GHSA-qcqr-hcjq-whfq |
Improper Neutralization of CRLF Sequences in HTTP Headers CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
Affected by 0 other vulnerabilities. Affected by 35 other vulnerabilities. |
|
VCID-bu59-sqtv-aaak
Aliases: CVE-2017-7559 GHSA-rj76-h87p-r3wf |
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. |
Affected by 35 other vulnerabilities. |
|
VCID-mqhb-fgt3-aaaa
Aliases: CVE-2018-1067 GHSA-47mp-rq2x-wjf2 |
HTTP Response Splitting Undertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. |
Affected by 32 other vulnerabilities. |
|
VCID-sssr-kebe-aaah
Aliases: CVE-2022-2764 |
CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations |
Affected by 15 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||