11 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow server core
Summary Due to use of Undertow, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability. CVE-2025-12543 Vulnerability Details CVEID:CVE-2025-12543 DESCRIPTION: A flaw was found in the Undertow HTTP server core, which is used in WildFly,...
Security Bulletin: Improper Host Header Validation in Undertow HTTP Server Enables Cache Poisoning and Session Hijacking affects watsonx.data
Summary A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Undertow
Summary Multiple vulnerabilities in Undertow that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:4915)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4915 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.12 (RHSA-2026:3889)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3889 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf (CVE-2025-12543)
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed withou...
app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:deder-publish-example_3 (=0.0.1) +1362 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.20.Final)
io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.10.0, =0.0.7, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =2.0.1, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =2.1.1 and more Source cves: CVE-2025-12543 Source advisory: OSV:GHSA-J382-5JJ3-VW4J...
io.github.rzo1.org.apache.cxf:apache-cxf (=4.2.0-tomee-m0-071068f), io.github.rzo1.org.apache.cxf:cxf-distribution-javadoc (=4.2.0-tomee-m0-071068f) +9 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (=2.4.0.Alpha1)
io.undertow:undertow-core MAVEN version =2.4.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - io.github.rzo1.org.apache.cxf:apache-cxf =4.2.0-tomee-m0-071068f -...
africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +2475 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (>=2.0.0.Alpha1 <=2.2.38.Final)
io.undertow:undertow-core MAVEN version =2.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =1.0.1, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-12543 Source advisory: SNYK:JAVA-IOUNDERTOW-14908846...
io.github.rzo1.org.apache.cxf:apache-cxf (=4.2.0-tomee-m0-071068f), io.github.rzo1.org.apache.cxf:cxf-distribution-javadoc (=4.2.0-tomee-m0-071068f) +9 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (=2.4.0.Alpha1)
io.undertow:undertow-core MAVEN version =2.4.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - io.github.rzo1.org.apache.cxf:apache-cxf =4.2.0-tomee-m0-071068f -...
app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:deder-publish-example_3 (=0.0.1) +1362 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.20.Final)
io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.10.0, =0.0.7, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =2.0.1, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =2.1.1 and more Source cves: CVE-2025-12543 Source advisory: SNYK:JAVA-IOUNDERTOW-14908846...