Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2024-1635
- EPSS 8.33%
- Veröffentlicht 19.02.2024 22:15:48
- Zuletzt bearbeitet 07.05.2025 12:27:53
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immedia...
7.5
CVE-2023-44487
- EPSS 94.44%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
CVE-2022-4492
- EPSS 0.12%
- Veröffentlicht 23.02.2023 20:15:12
- Zuletzt bearbeitet 12.03.2025 15:15:38
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...
1