A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NRed Hat Build Of Apache Camel For Spring Boot
APPRedhat4.0Red Hat Build Of Apache Camel Hawtio
APPRedhat4.0Red Hat Data Grid
APPRedhat8.0Red Hat Fuse
APPRedhat7.0.0Red Hat Jboss Enterprise Application Platform
APPRedhat7.0.08.0.0Red Hat Jboss Enterprise Application Platform Expansion Pack
APPRedhatwszystkie wersjeRed Hat Process Automation
APPRedhat7.0Red Hat Single Sign On
APPRedhat7.0Red Hat Undertow
APPRedhatwszystkie wersje
Powiązane podatności
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows rem...
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...
Brak walidacji nagłówka Host w serwerze Undertow HTTP
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...