Download
| Alert*
|
oval:org.secpod.oval:def:602998
libundertow-java is installed oval:org.secpod.oval:def:53093 Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling. oval:org.secpod.oval:def:602994 Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling. oval:org.secpod.oval:def:1901401 It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. oval:org.secpod.oval:def:1901537 libundertow-java before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access ... |
