logo
DATABASE RESOURCES PRICING ABOUT US

Undertow Request Smuggling vulnerability

Description

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.


Affected Software


CPE Name Name Version
io.undertow:undertow-core 2.0.0.Alpha1
io.undertow:undertow-core 1.4.17
io.undertow:undertow-core 1.3.31

Related