32 matches found
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016720)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016720 advisory. A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because...
Undertow environmental issue vulnerability
Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to construct specially crafted requests that lead to header parsing discrepancies, potentially allowing for request...
Undertow environmental issue vulnerability
Undertow is a web server provided by the Undertow company in the United States. Undertow has a security vulnerability that stems from its failure to follow standards when processing HTTP request headers starting with spaces. This vulnerability may allow remote attackers to execute request payload...
Undertow environmental issue vulnerability
Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to send specific header block terminators, potentially leading to request payload attacks...
CVE-2025-12543
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...
EUVD-2019-0546
Malware in sbrugna...
EUVD-2022-4951
Malicious code in bioql PyPI...
The vulnerability of the parseProxyProtocolV1() function in the ProxyProtocolReadListener class of the Undertow web server allows a hacker to gain unauthorized access to protected information.
The vulnerability of the parseProxyProtocolV1 function in the ProxyProtocolReadListener class of the Undertow web server is related to the synchronization of requests and responses when processing the StringBuilder parameter. Exploiting this vulnerability can allow a remote attacker to gain...
The vulnerability of the Undertow web server, related to deficiencies in the processing of incoming HTTP requests, allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the Undertow web server is related to deficiencies in the processing of incoming HTTP requests during the analysis of cookies containing certain delimiter symbols. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
The vulnerability of the Undertow web server, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Undertow web server is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Undertow web server arises from insufficient protection of registration data, allowing attackers to disclose sensitive information.
The vulnerability of the Undertow web server is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
The vulnerability of the io.undertow.request.security component in the Undertow web server allows a hacker to obtain user credentials from log files.
The vulnerability of the io.undertow.request.security component in the Undertow web server relates to the disclosure of information through registration files. Exploiting this vulnerability may allow a malicious actor, operating remotely, to obtain user credentials from the log files...
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...
CVE-2018-1067
It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
CVE-2019-3888
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...
CVE-2019-3888
CVE-2019-3888 describes an information exposure in Undertow prior to 2.0.21 where Connectors.executeRootHandler logs the HttpServerExchange object at ERROR level via UndertowLogger.REQUEST_LOGGER.undertowRequestFailed, potentially exposing plain text credentials in log files. Connected documents ...