CVE-2020-10705

2020-06-1020:15:12

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the “Expect: 100-continue” header may cause an out of memory error. This flaw may potentially lead to a denial of service.

CPENameOperatorVersion
undertoweq1.3.0.CR3
undertoweq1.2.0.Beta4
undertoweq1.0.0.Beta7
undertoweq2.0.7.Final
undertoweq1.1.0.Beta8
undertoweq1.0.0.Beta10
undertoweq1.1.0.Beta3
undertoweq1.1.0.Beta1
undertoweq1.0.0.Beta22
undertoweq1.0.0.Beta26

Name	Operator	Version
undertow	eq	1.3.0.CR3
undertow	eq	1.2.0.Beta4
undertow	eq	1.0.0.Beta7
undertow	eq	2.0.7.Final
undertow	eq	1.1.0.Beta8
undertow	eq	1.0.0.Beta10
undertow	eq	1.1.0.Beta3
undertow	eq	1.1.0.Beta1
undertow	eq	1.0.0.Beta22
undertow	eq	1.0.0.Beta26