A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-02-23T17:21:44

Updated: 2024-08-03T17:30:07.487Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20220

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-23T18:15:13.397

Modified: 2024-11-21T05:46:09.377

Link: CVE-2021-20220

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-02-04T00:00:00Z

Links: CVE-2021-20220 - Bugzilla