CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: Low
EPSS
Percentile: 21.9%

A vulnerability was found in Undertow where the ProxyProtocolReadListener
reuses the same StringBuilder instance across multiple requests. This issue
occurs when the parseProxyProtocolV1 method processes multiple requests on
the same HTTP connection. As a result, different requests may share the
same StringBuilder instance, potentially leading to information leakage
between requests or responses. In some cases, a value from a previous
request or response may be erroneously reused, which could lead to
unintended data exposure. This issue primarily results in errors and
connection termination but creates a risk of data leakage in multi-request
environments.
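
The buffer-reuse pattern described above, as an added illustration that is not taken from Undertow's source: the hypothetical LineParser class keeps one StringBuilder for the life of a connection, and the sample headers are constructed. With the reset disabled, the second header is appended to the first, parsing fails, and the error text carries the earlier header's contents.

```java
import java.nio.charset.StandardCharsets;

// Hypothetical demo classes; not Undertow's ProxyProtocolReadListener.
public class ProxyV1BufferReuseDemo {

    /** Parses one PROXY protocol v1 line and returns the source address. */
    static class LineParser {
        private final boolean resetBetweenHeaders;
        // Connection-scoped buffer: lives as long as the parser object.
        private final StringBuilder buffer = new StringBuilder();

        LineParser(boolean resetBetweenHeaders) {
            this.resetBetweenHeaders = resetBetweenHeaders;
        }

        String parseSourceAddress(byte[] header) {
            if (resetBetweenHeaders) {
                buffer.setLength(0); // hardened: drop state left by the previous header
            }
            for (byte b : header) {
                if (b == '\n') break;
                if (b != '\r') buffer.append((char) b);
            }
            String[] fields = buffer.toString().split(" ");
            // "PROXY" <TCP4|TCP6> <src addr> <dst addr> <src port> <dst port>
            if (fields.length != 6 || !fields[0].equals("PROXY")) {
                throw new IllegalStateException("malformed header: " + buffer);
            }
            return fields[2];
        }
    }

    public static void main(String[] args) {
        // Constructed sample headers using documentation address ranges.
        byte[] first = "PROXY TCP4 192.0.2.10 198.51.100.1 40000 443\r\n".getBytes(StandardCharsets.US_ASCII);
        byte[] second = "PROXY TCP4 203.0.113.7 198.51.100.1 40001 443\r\n".getBytes(StandardCharsets.US_ASCII);

        for (boolean reset : new boolean[] {false, true}) {
            LineParser parser = new LineParser(reset); // one parser per connection
            System.out.println("reset=" + reset + " first  -> " + parser.parseSourceAddress(first));
            try {
                System.out.println("reset=" + reset + " second -> " + parser.parseSourceAddress(second));
            } catch (IllegalStateException e) {
                // The message shows the first header still sitting in the buffer.
                System.out.println("reset=" + reset + " second -> " + e.getMessage());
            }
        }
    }
}
```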