pkg:Debian/undertow

57 total CVEs: CRITICAL 4, HIGH 34, MEDIUM 18

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-4492: Undertow client not checking server identity presented by server certificate in https connections
    from 0, < 2.3.8-2
  • CRITICAL 9.8 CVE-2019-10212: Potential to access user credentials from the log files when debug logging enabled
    from 0, < 2.0.27-1
  • CRITICAL 9.8 CVE-2019-3888: Credential exposure through log files in Undertow
    from 0, < 2.0.23-1
  • CRITICAL 9.6 CVE-2025-12543: Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests
    from 0
  • HIGH 8.7 CVE-2026-28367: Undertow is Vulnerable to HTTP Request/Response Smuggling
    from 0
  • HIGH 8.7 CVE-2026-28369: Undertow is Vulnerable to HTTP Request/Response Smuggling
    from 0
  • HIGH 8.7 CVE-2026-28368: Undertow is Vulnerable to HTTP Request/Response Smuggling
    from 0
  • HIGH 8.6 CVE-2020-1745: Improper Authorization in Undertow
    from 0, < 2.0.30-1
  • HIGH 8.1 CVE-2020-1757: Improper Input Validation in Undertow
    from 0, < 2.1.0-1
  • HIGH 7.5 CVE-2024-4027: Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
    from 0
  • HIGH 7.5 CVE-2024-3884: Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
    from 0
  • HIGH 7.5 CVE-2025-9784: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
    from 0, < 2.3.20-1
  • HIGH 7.5 CVE-2023-1973: Undertow Denial of Service vulnerability
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2023-1973: Undertow Denial of Service vulnerability
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2024-7885: Undertow vulnerable to Race Condition
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2024-5971: Undertow Denial of Service vulnerability
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2024-5971: Undertow Denial of Service vulnerability
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2024-6162: Undertow's url-encoded request path information can be broken on ajp-listener
    from 0
  • HIGH 7.5 CVE-2024-6162: Undertow's url-encoded request path information can be broken on ajp-listener
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2024-1635: Undertow Uncontrolled Resource Consumption Vulnerability
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2023-5379: A flaw was found in Undertow.
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2023-3223: Undertow vulnerable to denial of service
    from 0, < 2.3.18-1
  • HIGH 7.5 CVE-2023-1108: Undertow denial of service vulnerability
    from 0, < 2.3.8-2
  • HIGH 7.5 CVE-2022-1319: A flaw was found in Undertow.
    from 0, < 2.2.17-1
  • HIGH 7.5 CVE-2022-2053: Undertow vulnerable to DoS via Large AJP request
    from 0, < 2.2.18-1
  • HIGH 7.5 CVE-2021-3859: Undertow vulnerable to Denial of Service (DoS) attacks
    from 0, < 2.2.16-1
  • HIGH 7.5 CVE-2021-3690: Undertow vulnerable to memory exhaustion due to buffer leak
    from 0, < 2.2.10-1
  • HIGH 7.5 CVE-2021-3629: Undertow Uncontrolled Resource Consumption
    from 0, < 2.2.12-1
  • HIGH 7.5 CVE-2019-14888: Undertow vulnerable to Uncontrolled Resource Consumption
    from 0, < 2.0.30-1
  • HIGH 7.5 CVE-2017-12165: Undertow Request Smuggling vulnerability
    from 0, < 2.0.23-1
  • HIGH 7.5 CVE-2018-1048: Improper Limitation of a Pathname to a Restricted Directory in JBoss EAP Undertow
    from 0, < 1.4.22-1
  • HIGH 7.5 CVE-2020-27782: Denial of service in Undertow
    from 0, < 2.2.4-1
  • HIGH 7.5 CVE-2020-10705: Allocation of Resources Without Limits or Throttling in Undertow
    from 0, < 2.1.1-1
  • HIGH 7.5 CVE-2019-19343: A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4.
    from 0, < 2.0.25-1
  • HIGH 7.5 CVE-2019-10184: Undertow Missing Authorization when requesting a protected directory without trailing slash
    from 0, < 2.0.23-1
  • HIGH 7.5 CVE-2017-2670: Moderate severity vulnerability that affects io.undertow:undertow-core
    from 0, < 1.4.18-1
  • HIGH 7.4 CVE-2023-4639: Undertow incorrectly parses cookies
    from 0, < 2.3.18-1
  • HIGH 7.4 CVE-2023-4639: Undertow incorrectly parses cookies
    from 0, < 2.3.18-1
  • MEDIUM 6.5 CVE-2018-1114: Uncontrolled Resource Consumption in Undertow
    from 0, < 1.4.25-1
  • MEDIUM 6.5 CVE-2020-10719: HTTP Request Smuggling in Undertow
    from 0, < 2.1.1-1
  • MEDIUM 6.5 CVE-2017-2666: undertow - security update
    from 0, < 1.4.8-1+deb9u1
  • MEDIUM 6.5 CVE-2017-2666: undertow - security update
    from 0, < 1.4.18-1
  • MEDIUM 6.1 CVE-2016-4993: Improper Neutralization of CRLF Sequences in Wildfly Undertow
    from 0, < 1.4.3-1
  • MEDIUM 6.1 CVE-2017-7559: Undertow vulnerable to Request Smuggling
    from 0, < 1.4.23-1
  • MEDIUM 6.1 CVE-2018-1067: Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
    from 0, < 1.4.25-1
  • MEDIUM 5.9 CVE-2026-3260: Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
    from 0
  • MEDIUM 5.9 CVE-2021-3597: undertow Race Condition vulnerability
    from 0, < 2.2.10-1
  • MEDIUM 5.9 CVE-2016-7046: Undertow Uncaught Exception vulnerability
    from 0, < 1.4.3-1
  • MEDIUM 5.9 CVE-2017-12196: Incorrect Authorization in Undertow
    from 0, < 1.4.25-1
  • MEDIUM 5.3 CVE-2024-3653: Undertow Missing Release of Memory after Effective Lifetime vulnerability
    from 0, < 2.3.18-1
  • MEDIUM 5.3 CVE-2024-3653: Undertow Missing Release of Memory after Effective Lifetime vulnerability
    from 0, < 2.3.18-1
  • MEDIUM 5.3 CVE-2024-1459: Undertow Path Traversal vulnerability
    from 0, < 2.3.18-1
  • MEDIUM 5.3 CVE-2018-14642: Exposure of Sensitive Information to an Unauthorized Actor in Undertow
    from 0, < 2.0.23-1
  • MEDIUM 4.9 CVE-2022-2764: A flaw was found in Undertow.
    from 0, < 2.2.21-1
  • MEDIUM 4.8 CVE-2021-20220: HTTP request smuggling in Undertow
    from 0, < 2.2.0-1
  • MEDIUM 4.8 CVE-2020-10687: HTTP Request Smuggling in Undertow
    from 0, < 2.2.0-1
  • CVE-2024-4109: Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability.
    from 0