← Back

CVE-2020-10705

nvd nist
Published: Jun 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

Affected (5)

Redhat
3 products
Undertow
Jboss Enterprise Application Platform
Openshift Application Runtimes
Netapp
1 product
Oncommand Insight
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Undertow
Before 2.1.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Oncommand Insight
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Jboss Enterprise Application Platform
All versions
Openshift Application Runtimes
All versions
Configuration D
1 platform
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 8.0
Configuration E
1 platform
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 7.0
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jboss Enterprise Application Platform
Version 7.2
Running on/withPlatform Versions
Redhat
Enterprise Linux
Version 6.0

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

Source: secalert@redhat.com
Issue TrackingVendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.