Redhat

Process Automation

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.68%
  • Veröffentlicht 27.03.2026 16:13:05
  • Zuletzt bearbeitet 10.06.2026 22:16:56

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can...

  • EPSS 0.71%
  • Veröffentlicht 27.03.2026 16:13:05
  • Zuletzt bearbeitet 29.06.2026 10:16:30

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Go...

  • EPSS 0.7%
  • Veröffentlicht 27.03.2026 16:13:03
  • Zuletzt bearbeitet 29.06.2026 10:16:31

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exp...

  • EPSS 1.18%
  • Veröffentlicht 07.01.2026 16:04:22
  • Zuletzt bearbeitet 30.06.2026 05:17:10

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed ...

  • EPSS 2.17%
  • Veröffentlicht 02.09.2025 13:37:59
  • Zuletzt bearbeitet 30.06.2026 03:17:01

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload b...

  • EPSS 2.64%
  • Veröffentlicht 21.08.2024 14:15:09
  • Zuletzt bearbeitet 19.01.2026 04:15:58

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection....

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 1.77%
  • Veröffentlicht 14.09.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

  • EPSS 1.04%
  • Veröffentlicht 11.09.2023 21:15:41
  • Zuletzt bearbeitet 21.11.2024 06:40:41

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution...

  • EPSS 0.62%
  • Veröffentlicht 17.10.2022 16:15:15
  • Zuletzt bearbeitet 13.05.2025 21:15:58

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.