1647 matches found
undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...
undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.15 (RHSA-2026:33372)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33372 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release ...
Path Equivalence
Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...
undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...
undertow: Undertow: Request smuggling via inconsistent header parsing
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...
undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...
undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
undertow: Undertow: Request smuggling via inconsistent header parsing
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016720)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016720 advisory. A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because...
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016715)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016715 advisory. A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the Expect: 100-continue header may cause an out of memory error...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: undertow (UTSA-2026-021493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021493 advisory. A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: undertow (UTSA-2026-021479)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021479 advisory. A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a reque...