HIGH🇬🇧 English

CVE-2026-28368

CVSS 8.7v3.1pub. 2026-03-27upd. 2026-06-29

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Red Hat Build Of Apache Camel For Spring Boot

    APP
    Redhat
    4.0
  • Red Hat Build Of Apache Camel Hawtio

    APP
    Redhat
    4.0
  • Red Hat Data Grid

    APP
    Redhat
    8.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    9.0
  • Red Hat Fuse

    APP
    Redhat
    7.0.0
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    7.0.08.0.0
  • Red Hat Jboss Enterprise Application Platform Expansion Pack

    APP
    Redhat
    wszystkie wersje
  • Red Hat Process Automation

    APP
    Redhat
    7.0
  • Red Hat Single Sign On

    APP
    Redhat
    7.0
  • Red Hat Undertow

    APP
    Redhat
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...

CVE-2016-4437CRITICAL9.8⚠ KEVten sam produkt

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows rem...