Vulnerability details: VCID-kg8u-acdw-aaab
Vulnerability ID VCID-kg8u-acdw-aaab
Aliases CVE-2020-27782
GHSA-rhcw-wjcm-9h6g
Summary Denial of service in Undertow
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2021:0246
rhas Important https://access.redhat.com/errata/RHSA-2021:0247
rhas Important https://access.redhat.com/errata/RHSA-2021:0248
rhas Important https://access.redhat.com/errata/RHSA-2021:0250
rhas Important https://access.redhat.com/errata/RHSA-2021:0295
rhas Important https://access.redhat.com/errata/RHSA-2021:0327
rhas Important https://access.redhat.com/errata/RHSA-2021:3425
rhas Critical https://access.redhat.com/errata/RHSA-2021:5134
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2020-27782
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2020-27782
epss 0.01075 https://api.first.org/data/v1/epss?cve=CVE-2020-27782
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1901304
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rhcw-wjcm-9h6g
cvssv3.1 7.5 https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
generic_textual HIGH https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
cvssv3.1 7.5 https://issues.redhat.com/browse/UNDERTOW-1813
generic_textual HIGH https://issues.redhat.com/browse/UNDERTOW-1813
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27782
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27782
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27782
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
https://api.first.org/data/v1/epss?cve=CVE-2020-27782
https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
https://issues.redhat.com/browse/UNDERTOW-1813
1901304 https://bugzilla.redhat.com/show_bug.cgi?id=1901304
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.0.33:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.0.33:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.1.5:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.1.5:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:2.2.3:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.2.3:sp1:*:*:*:*:*:*
CVE-2020-27782 https://nvd.nist.gov/vuln/detail/CVE-2020-27782
GHSA-rhcw-wjcm-9h6g https://github.com/advisories/GHSA-rhcw-wjcm-9h6g
RHSA-2021:0246 https://access.redhat.com/errata/RHSA-2021:0246
RHSA-2021:0247 https://access.redhat.com/errata/RHSA-2021:0247
RHSA-2021:0248 https://access.redhat.com/errata/RHSA-2021:0248
RHSA-2021:0250 https://access.redhat.com/errata/RHSA-2021:0250
RHSA-2021:0295 https://access.redhat.com/errata/RHSA-2021:0295
RHSA-2021:0327 https://access.redhat.com/errata/RHSA-2021:0327
RHSA-2021:3205 https://access.redhat.com/errata/RHSA-2021:3205
RHSA-2021:3207 https://access.redhat.com/errata/RHSA-2021:3207
RHSA-2021:3425 https://access.redhat.com/errata/RHSA-2021:3425
RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134
RHSA-2025:9582 https://access.redhat.com/errata/RHSA-2025:9582
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.redhat.com/browse/UNDERTOW-1813
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2020-27782
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-27782
Exploit Prediction Scoring System (EPSS)
Percentile 0.37749
EPSS Score 0.00087
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.