pkg:Debian/undertow

All known vulnerabilities

• CRITICAL9.8CVE-2022-4492Undertow client not checking server identity presented by server certificate in https connections
  from 0, < 2.3.8-2
• CRITICAL9.8CVE-2019-10212Potential to access user credentials from the log files when debug logging enabled
  from 0, < 2.0.27-1
• CRITICAL9.8CVE-2019-3888Credential exposure through log files in Undertow
  from 0, < 2.0.23-1
• CRITICAL9.6Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests
  from 0
• HIGH8.7Undertow is Vulnerable to HTTP Request/Response Smuggling
  from 0
• HIGH8.7Undertow is Vulnerable to HTTP Request/Response Smuggling
  from 0
• HIGH8.7Undertow is Vulnerable to HTTP Request/Response Smuggling
  from 0
• HIGH8.6Improper Authorization in Undertoe
  from 0, < 2.0.30-1
• HIGH8.1Improper Input Validation in Undertow
  from 0, < 2.1.0-1
• HIGH7.5Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
  from 0
• HIGH7.5Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
  from 0
• HIGH7.5Undertow MadeYouReset HTTP/2 DDoS Vulnerability
  from 0, < 2.3.20-1
• HIGH7.5Undertow Denial of Service vulnerability
  from 0, < 2.3.18-1
• HIGH7.5Undertow Denial of Service vulnerability
  from 0, < 2.3.18-1
• HIGH7.5Undertow vulnerable to Race Condition
  from 0, < 2.3.18-1
• HIGH7.5Undertow Denial of Service vulnerability
  from 0, < 2.3.18-1
• HIGH7.5Undertow Denial of Service vulnerability
  from 0, < 2.3.18-1
• HIGH7.5Undertow's url-encoded request path information can be broken on ajp-listener
  from 0
• HIGH7.5Undertow's url-encoded request path information can be broken on ajp-listener
  from 0, < 2.3.18-1
• HIGH7.5Undertow Uncontrolled Resource Consumption Vulnerability
  from 0, < 2.3.18-1
• HIGH7.5A flaw was found in Undertow.
  from 0, < 2.3.18-1
• HIGH7.5Undertow vulnerable to denial of service
  from 0, < 2.3.18-1
• HIGH7.5Undertow denial of service vulnerability
  from 0, < 2.3.8-2
• HIGH7.5A flaw was found in Undertow.
  from 0, < 2.2.17-1
• HIGH7.5Undertow vulnerable to Dos via Large AJP request
  from 0, < 2.2.18-1
• HIGH7.5Undertow vulnerable to Denial of Service (DoS) attacks
  from 0, < 2.2.16-1
• HIGH7.5Undertow vulnerable to memory exhaustion due to buffer leak
  from 0, < 2.2.10-1
• HIGH7.5Undertow Uncontrolled Resource Consumption
  from 0, < 2.2.12-1
• HIGH7.5Undertow vulnerable to Uncontrolled Resource Consumption
  from 0, < 2.0.30-1
• HIGH7.5Undertow Request Smuggling vulnerability
  from 0, < 2.0.23-1
• HIGH7.5Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
  from 0, < 1.4.22-1
• HIGH7.5Denial of service in Undertow
  from 0, < 2.2.4-1
• HIGH7.5Allocation of Resources Without Limits or Throttling in Undertow
  from 0, < 2.1.1-1
• HIGH7.5A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4.
  from 0, < 2.0.25-1
• HIGH7.5Undertow Missing Authorization when requesting a protected directory without trailing slash
  from 0, < 2.0.23-1
• HIGH7.5Moderate severity vulnerability that affects io.undertow:undertow-core
  from 0, < 1.4.18-1
• HIGH7.4Undertow incorrectly parses cookies
  from 0, < 2.3.18-1
• HIGH7.4Undertow incorrectly parses cookies
  from 0, < 2.3.18-1
• MEDIUM6.5Uncontrolled Resource Consumption in Undertow
  from 0, < 1.4.25-1
• MEDIUM6.5HTTP Request Smuggling in Undertow
  from 0, < 2.1.1-1
• MEDIUM6.5undertow - security update
  from 0, < 1.4.8-1+deb9u1
• MEDIUM6.5undertow - security update
  from 0, < 1.4.18-1
• MEDIUM6.1Improper Neutralization of CRLF Sequences in Wildfly Undertow
  from 0, < 1.4.3-1
• MEDIUM6.1Undertow vulnerable to Request Smuggling
  from 0, < 1.4.23-1
• MEDIUM6.1Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
  from 0, < 1.4.25-1
• MEDIUM5.9Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
  from 0
• MEDIUM5.9undertow Race Condition vulnerability
  from 0, < 2.2.10-1
• MEDIUM5.9Undertow Uncaught Exception vulnerability
  from 0, < 1.4.3-1
• MEDIUM5.9Incorrect Authorization in Undertow
  from 0, < 1.4.25-1
• MEDIUM5.3Undertow Missing Release of Memory after Effective Lifetime vulnerability
  from 0, < 2.3.18-1
• MEDIUM5.3Undertow Missing Release of Memory after Effective Lifetime vulnerability
  from 0, < 2.3.18-1
• MEDIUM5.3Undertow Path Traversal vulnerability
  from 0, < 2.3.18-1
• MEDIUM5.3Exposure of Sensitive Information to an Unauthorized Actor in Undertow
  from 0, < 2.0.23-1
• MEDIUM4.9A flaw was found in Undertow.
  from 0, < 2.2.21-1
• MEDIUM4.8HTTP request smuggling in Undertow
  from 0, < 2.2.0-1
• MEDIUM4.8HTTP Request Smuggling in Undertow
  from 0, < 2.2.0-1
• —Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability.
  from 0