CVE-2026-28367
- EPSS 0.05%
- Published 27.03.2026 16:13:05
- Last modified 10.04.2026 14:22:53
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Go...
CVE-2026-28369
- EPSS 0.05%
- Published 27.03.2026 16:13:05
- Last modified 31.03.2026 18:08:21
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can...
CVE-2026-28368
- EPSS 0.03%
- Published 27.03.2026 16:13:03
- Last modified 31.03.2026 18:20:30
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exp...
CVE-2026-3260
- EPSS 0.64%
- Published 24.03.2026 04:11:16
- Last modified 08.04.2026 19:11:02
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the ser...
CVE-2024-7885
- EPSS 10.7%
- Published 21.08.2024 14:15:09
- Last modified 19.01.2026 04:15:58
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection....