Vulnerability Description
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Undertow | < 2.1.1 |
| Netapp | Oncommand Insight | < 7.3.13 |
| Redhat | Fuse | 1.0 |
| Redhat | Jboss Enterprise Application Platform | - |
| Redhat | Openshift Application Runtimes | - |
| Redhat | Single Sign-On | - |
| Redhat | Enterprise Linux | 8.0 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Oncommand Workflow Automation | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719Issue TrackingVendor Advisory
- https://security.netapp.com/advisory/ntap-20220210-0014/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719Issue TrackingVendor Advisory
- https://security.netapp.com/advisory/ntap-20220210-0014/Third Party Advisory
FAQ
What is CVE-2020-10719?
CVE-2020-10719 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request sm...
How severe is CVE-2020-10719?
CVE-2020-10719 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10719?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Netapp Oncommand Insight, Redhat Fuse, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes.