Lucene search

K
cvelistRedhatCVELIST:CVE-2020-10687
HistorySep 23, 2020 - 12:30 p.m.

CVE-2020-10687

2020-09-2312:30:43
CWE-444
redhat
www.cve.org
1

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

CNA Affected

[
  {
    "product": "Undertow",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Undertow 2.2.0.Final"
      }
    ]
  }
]

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%