Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-20220

UNKNOWN
Published 2021-02-23T17:21:44
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-20220. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

HTTP request smuggling in Undertow

GHSA-qjwc-v72v-fq6r

Advisory Details

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected Packages

Maven io.undertow:undertow-core
ECOSYSTEM: ≥2.1.0 <2.1.6
Maven io.undertow:undertow-core
ECOSYSTEM: ≥0 <2.0.34

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-20220
WEB https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1923133
WEB https://security.netapp.com/advisory/ntap-20220210-0013

Advisory provided by GitHub Security Advisory Database. Published: June 16, 2021, Modified: February 11, 2022

References

https://bugzilla.redhat.com/show_bug.cgi?id=1923133
https://security.netapp.com/advisory/ntap-20220210-0013/
Published: 2021-02-23T17:21:44
Last Modified: 2024-08-03T17:30:07.487Z
Copied to clipboard!