CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
78.5%
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | undertow | * | cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
netapp | active_iq_unified_manager | - | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* |
netapp | active_iq_unified_manager | - | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
netapp | active_iq_unified_manager | - | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* |
netapp | oncommand_workflow_automation | - | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
[
{
"product": "undertow",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Undertow 2.2.0.Final, Undertow 2.1.6.Final, Undertow 2.0.34.Final"
}
]
}
]
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
78.5%