A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220210-0014/ | Third Party Advisory |
History
21 Feb 2022, 04:24
Type | Values Removed | Values Added |
---|---|---|
First Time | Redhat openshift Application Runtimes Netapp active Iq Unified Manager Netapp oncommand Workflow Automation Redhat jboss Enterprise Application Platform Netapp Netapp oncommand Insight Redhat fuse Redhat enterprise Linux Redhat single Sign-on | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220210-0014/ - Third Party Advisory | |
CPE | cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
10 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-05-26 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-10719
Mitre link : CVE-2020-10719
CVE.ORG link : CVE-2020-10719
Products Affected
netapp
- oncommand_workflow_automation
- oncommand_insight
- active_iq_unified_manager
redhat
- undertow
- jboss_enterprise_application_platform
- openshift_application_runtimes
- enterprise_linux
- single_sign-on
- fuse
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')