Lucene search

CVE-2021-20220

🗓️ 23 Feb 2021 00:00:00Reported by ubuntu.comType

A flaw in Undertow permits HTTP request smuggling, allowing an attacker to poison web-cache, perform XSS attack, and obtain sensitive information. The highest threat is to data confidentiality and integrity

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 55
OSV	HTTP request smuggling in Undertow	16 Jun 202117:47	–	osv
OSV	CVE-2021-20220	23 Feb 202118:15	–	osv
OSV	RHSA-2021:0874 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update	13 Sep 202422:43	–	osv
OSV	RHSA-2021:0873 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update	13 Sep 202422:44	–	osv
OSV	RHSA-2021:0872 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update	13 Sep 202422:43	–	osv
OSV	HTTP Request Smuggling in Undertow	30 Apr 202117:28	–	osv
OSV	CVE-2020-10687	23 Sep 202013:15	–	osv
OSV	RHSA-2020:3463 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	16 Sep 202404:09	–	osv
OSV	RHSA-2020:3461 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	16 Sep 202404:09	–	osv
OSV	RHSA-2020:3462 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	16 Sep 202404:09	–	osv

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-20220
launchpad	www.launchpad.net/bugs/cve/CVE-2021-20220
security-tracker	www.security-tracker.debian.org/tracker/CVE-2021-20220

OS	OS Version	Architecture	Package	Package Version	Filename
ubuntu	24.10	noarch	undertow	any	UNKNOWN
ubuntu	24.04	noarch	undertow	any	UNKNOWN
ubuntu	22.04	noarch	undertow	any	UNKNOWN
ubuntu	20.04	noarch	undertow	any	UNKNOWN
ubuntu	18.04	noarch	undertow	any	UNKNOWN
ubuntu	16.04	noarch	undertow	any	UNKNOWN
ubuntu	24.10	noarch	undertow	any	UNKNOWN
ubuntu	24.04	noarch	undertow	any	UNKNOWN
ubuntu	22.04	noarch	undertow	any	UNKNOWN
ubuntu	20.04	noarch	undertow	any	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Feb 2021 00:00Current

7High risk

Vulners AI Score7

CVSS25.8

CVSS34.8

EPSS0.0031

undertow http_request_smuggling xss_attack data_confidentiality data_integrity cve-2021-20220cve-2020-10687cve-2017-2666