CVE-2025-12543

EPSS 0.15%
Veröffentlicht 07.01.2026 16:04:22
Zuletzt bearbeitet 08.01.2026 23:15:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.10-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.82.0-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:801.3.0-1.GA_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.0.1-3.redhat_00003.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:6.6.36-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.2-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.5.0-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.3.20-2.SP4_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:8.1.3-4.GA_redhat_00006.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:5.0.12-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.6.6-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Default Statusaffected

Version < *

Version 0:8.1.1-4.GA_redhat_00007.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.0.10-1.redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.82.0-1.redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:801.3.0-1.GA_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.0.1-3.redhat_00003.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:6.6.36-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.0.2-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.5.0-1.redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.3.20-2.SP4_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:8.1.3-4.GA_redhat_00006.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:5.0.12-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.6.6-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Default Statusaffected

Version < *

Version 0:8.1.1-4.GA_redhat_00007.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel for Spring Boot 4

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel - HawtIO 4

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Data Grid 8

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Fuse 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Process Automation 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.36

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/security/cve/CVE-2025-12543

https://bugzilla.redhat.com/show_bug.cgi?id=2408784

https://access.redhat.com/errata/RHSA-2026:0384

https://access.redhat.com/errata/RHSA-2026:0386

https://access.redhat.com/errata/RHSA-2026:0383

https://nvd.nist.gov/vuln/detail/CVE-2025-12543

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12543

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12543

EUVD