Package impact

java Maven / io.undertow:undertow-core

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-7046 | medium | 5.9 | 5.9 | 10y ago | Undertow Uncaught Exception vulnerability | debian, java, redhat |
| CVE-2014-7816 | medium | 5.0 | | 12y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | debian, java, redhat |
| CVE-2026-3260 | unknown | | | 2mo ago | Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests | debian, java |
| CVE-2024-4027 | unknown | | | 4mo ago | Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names | debian, java |
| CVE-2025-12543 | unknown | | | 5mo ago | Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests | debian, java |
| CVE-2024-3884 | unknown | | | 6mo ago | Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded | debian, java |
| CVE-2025-9784 | unknown | | | 9mo ago | Undertow MadeYouReset HTTP/2 DDoS Vulnerability | debian, java |
| CVE-2023-4639 | unknown | | | 2y ago | Undertow incorrectly parses cookies | debian, java |
| CVE-2023-1973 | unknown | | | 2y ago | Undertow Denial of Service vulnerability | debian, java |
| CVE-2024-7885 | unknown | | | 2y ago | Undertow vulnerable to Race Condition | debian, java |
| CVE-2024-3653 | unknown | | | 2y ago | Undertow Missing Release of Memory after Effective Lifetime vulnerability | debian, java |
| CVE-2024-5971 | unknown | | | 2y ago | A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not … | debian, java |
| CVE-2024-6162 | unknown | | | 2y ago | Undertow's url-encoded request path information can be broken on ajp-listener | debian, java |
| CVE-2024-1635 | unknown | | | 2y ago | A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port o… | debian, java |
| CVE-2024-1459 | unknown | | | 2y ago | A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which … | debian, java |
| CVE-2023-1108 | unknown | | | 3y ago | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | debian, java |
| CVE-2022-4492 | unknown | | | 3y ago | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and i… | debian, java |
| CVE-2022-2053 | unknown | | | 4y ago | Undertow vulnerable to DoS via Large AJP request | debian, java |
| CVE-2021-3859 | unknown | | | 4y ago | Undertow vulnerable to Denial of Service (DoS) attacks | debian, java |
| CVE-2021-3690 | unknown | | | 4y ago | Undertow vulnerable to memory exhaustion due to buffer leak | debian, java |
| CVE-2021-3629 | unknown | | | 4y ago | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat fr… | debian, java |
| CVE-2021-3597 | unknown | | | 4y ago | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availabil… | debian, java |
| CVE-2020-1745 | unknown | | | 4y ago | Improper Authorization in Undertow | debian, java |
| CVE-2020-1757 | unknown | | | 4y ago | Improper Input Validation in Undertow | debian, java |
| CVE-2019-14888 | unknown | | | 4y ago | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the s… | debian, java |
| CVE-2017-12165 | unknown | | | 4y ago | Undertow Request Smuggling vulnerability | debian, java |
| CVE-2017-12196 | unknown | | | 4y ago | Incorrect Authorization in Undertow | debian, java |
| CVE-2017-7559 | unknown | | | 4y ago | In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in t… | debian, java |
| CVE-2018-1114 | unknown | | | 4y ago | Uncontrolled Resource Consumption in Undertow | debian, java |
| CVE-2018-14642 | unknown | | | 4y ago | An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full con… | debian, java |
| CVE-2020-27782 | unknown | | | 4y ago | A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a … | debian, java |
| CVE-2021-20220 | unknown | | | 5y ago | A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid c… | debian, java |
| CVE-2020-10687 | unknown | | | 5y ago | A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid … | debian, java |
| CVE-2020-10705 | unknown | | | 5y ago | Allocation of Resources Without Limits or Throttling in Undertow | debian, java |
| CVE-2020-10719 | unknown | | | 5y ago | HTTP Request Smuggling in Undertow | debian, java |
| CVE-2019-10212 | unknown | | | 7y ago | Potential to access user credentials from the log files when debug logging enabled | debian, java |
| CVE-2019-3888 | unknown | | | 7y ago | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchan… | debian, java |
| CVE-2017-2666 | unknown | | | 8y ago | It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid charac… | debian, java |
| CVE-2017-2670 | unknown | | | 8y ago | Moderate severity vulnerability that affects io.undertow:undertow-core | debian, java |