Lucene search

K
cvelistRedhatCVELIST:CVE-2020-10719
HistoryMay 26, 2020 - 2:57 p.m.

CVE-2020-10719

2020-05-2614:57:51
CWE-444
redhat
www.cve.org
5

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

38.7%

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

CNA Affected

[
  {
    "product": "undertow",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 2.1.1.Final"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

38.7%