CRITICAL 9.8 CVE-2022-4492 Undertow client not checking server identity presented by server certificate in https connections
>= 2.3.0, < 2.3.5.Final
CRITICAL 9.8 CVE-2019-10212 Potential to access user credentials from the log files when debug logging enabled
from 0, < 2.0.20
CRITICAL 9.8 CVE-2019-3888 Credential exposure through log files in Undertow
from 0, < 2.0.21
CRITICAL 9.6 Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests
HIGH 8.6 Improper Authorization in Undertow
from 0, < 2.0.30
HIGH 8.1 Improper Input Validation in Undertow
from 0, < 2.1.0
HIGH 7.5 Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
from 0, < 2.2.39.Final
HIGH 7.5 Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
from 0, < 2.2.39.Final
HIGH 7.5 Undertow MadeYouReset HTTP/2 DDoS Vulnerability
from 0, < 2.2.38.Final
HIGH 7.5 Undertow Denial of Service vulnerability
from 0, < 2.2.32.Final
HIGH 7.5 Undertow vulnerable to Race Condition
from 0, < 2.2.36.Final
HIGH 7.5 Undertow Denial of Service vulnerability
>= 2.3.0.Alpha1, < 2.3.15.Final
HIGH 7.5 Undertow's url-encoded request path information can be broken on ajp-listener
>= 2.3.0.Alpha1, < 2.3.14.Final
HIGH 7.5 Undertow Uncontrolled Resource Consumption Vulnerability
>= 2.3.0.Final, < 2.3.12.Final
HIGH 7.5 Undertow denial of service vulnerability
>= 2.3.0, < 2.3.5.Final
HIGH 7.5 Undertow vulnerable to DoS via Large AJP request
from 0, < 2.2.19.Final
HIGH 7.5 Undertow vulnerable to Denial of Service (DoS) attacks
from 0, < 2.2.15
HIGH 7.5 Undertow vulnerable to memory exhaustion due to buffer leak
from 0, < 2.0.40
HIGH 7.5 Undertow Uncontrolled Resource Consumption
from 0, < 2.0.40.Final
HIGH 7.5 Undertow vulnerable to Uncontrolled Resource Consumption
from 0, < 2.0.29.Final
HIGH 7.5 Undertow Request Smuggling vulnerability
from 0, < 1.3.31
HIGH 7.5 Denial of service in Undertow
>= 2.1.0, < 2.1.5
HIGH 7.5 Allocation of Resources Without Limits or Throttling in Undertow
from 0, < 2.1.1.Final
HIGH 7.5 Moderate severity vulnerability that affects io.undertow:undertow-core
from 0, < 1.3.28
HIGH 7.4 Undertow incorrectly parses cookies
>= 2.3.0.Alpha1, < 2.3.11.Final
MEDIUM 6.5 Uncontrolled Resource Consumption in Undertow
from 0, < 1.4.25.Final
MEDIUM 6.5 HTTP Request Smuggling in Undertow
from 0, < 2.1.1.Final
MEDIUM 6.5 undertow - security update
from 0, < 1.3.31
MEDIUM 6.1 Undertow vulnerable to Request Smuggling
>= 1.4.0, < 1.4.17.Final
MEDIUM 5.9 Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
from 0, < 2.4.0.Beta1
MEDIUM 5.9 undertow Race Condition vulnerability
>= 2.1.0, < 2.2.9.Final
MEDIUM 5.9 Undertow Uncaught Exception vulnerability
>= 1.4.0, < 1.4.3.Final
MEDIUM 5.9 Incorrect Authorization in Undertow
>= 2.0.0.Alpha1, < 2.0.2.FInal
MEDIUM 5.3 Undertow Missing Release of Memory after Effective Lifetime vulnerability
>= 2.3.0.Alpha1, < 2.3.15.Final
MEDIUM 5.3 Undertow Path Traversal vulnerability
from 0, < 2.2.31.Final
MEDIUM 5.3 Exposure of Sensitive Information to an Unauthorized Actor in Undertow
from 0, < 2.0.19.FINAL
MEDIUM 4.8 HTTP request smuggling in Undertow
>= 2.1.0, < 2.1.6
MEDIUM 4.8 HTTP Request Smuggling in Undertow
from 0, < 2.2.0.Final
— Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
>= 1.0.0, < 1.0.17