9.6
CVE-2025-12543
- EPSS 0.05%
- Veröffentlicht 07.01.2026 16:04:22
- Zuletzt bearbeitet 18.03.2026 16:16:22
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Build Of Apache Camel SwPlatformspring_boot Version < 4.14.4
Redhat ≫ Jboss Enterprise Application Platform Version >= 8.0 < 8.0.12
Redhat ≫ Jboss Enterprise Application Platform Version >= 8.1.0 < 8.1.3
Redhat ≫ Jboss Enterprise Application Platform Version- SwEditiontext-only
Redhat ≫ Jboss Enterprise Application Platform Version7.0.0
Redhat ≫ Process Automation Version7.0
Redhat ≫ Single Sign-on Version7.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.156 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
| secalert@redhat.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.